Dfactory

Download Attachments

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-39616

  • EPSS 0.02%
  • Veröffentlicht 08.04.2026 08:30:25
  • Zuletzt bearbeitet 14.04.2026 15:16:35

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= ...

5.3

CVE-2025-49995

  • EPSS 0.03%
  • Veröffentlicht 20.06.2025 15:15:25
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= ...

6.4

CVE-2024-3230

  • EPSS 0.36%
  • Veröffentlicht 04.06.2024 06:15:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user ...

5.4

CVE-2023-0076

  • EPSS 0.26%
  • Veröffentlicht 06.03.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:30

The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...