Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3
CVE-2025-49995
- EPSS 0.04%
- Veröffentlicht 20.06.2025 15:15:25
- Zuletzt bearbeitet 23.06.2025 20:16:40
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through 1.3.1.
6.4
CVE-2024-3230
- EPSS 0.31%
- Veröffentlicht 04.06.2024 06:15:10
- Zuletzt bearbeitet 21.11.2024 09:29:11
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user ...
5.4
CVE-2023-0076
- EPSS 0.14%
- Veröffentlicht 06.03.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 07:36:30
The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...
1