CVE-2026-39616
- EPSS 0.21%
- Veröffentlicht 08.04.2026 08:30:25
- Zuletzt bearbeitet 29.04.2026 10:17:31
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= ...
CVE-2025-49995
- EPSS 0.3%
- Veröffentlicht 20.06.2025 15:15:25
- Zuletzt bearbeitet 23.04.2026 15:31:56
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= ...
CVE-2024-3230
- EPSS 0.33%
- Veröffentlicht 04.06.2024 06:15:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user ...
CVE-2023-0076
- EPSS 0.48%
- Veröffentlicht 06.03.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 07:36:30
The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...