4 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed. • https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L242 https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L262 https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L335 https://plugins.trac.wordpress.org/changeset/3170600 https://www.wordfence.com/threat-intel/vulnerabilities/id/e0891211-e4b3-4dcf-8ee0-e20abeb91640?source=cve • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions. The Download Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.4. This is due to missing nonce validation on the dpwap_plugin_download_action, dpwap_theme_download, and dpwap_plugin_multiple_download_func functions. This makes it possible for unauthenticated attackers toforce an administrator into downloading plugin zips, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/download-plugin/wordpress-download-plugin-2-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. El complemento Download Plugin de WordPress anterior a 2.0.0 no valida adecuadamente que un usuario tenga los privilegios necesarios para acceder al identificador nonce de una copia de seguridad, lo que puede permitir a cualquier usuario con una cuenta en el sitio (como un suscriptor) descargar una copia completa del sitio web. The Download Plugin plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.6.2 due to missing capability checks on the dpwap_plugin_multiple_download_func function. This makes it possible for authenticated attackers with subscriber-level attackers to create and download arbitrary content as backup zip files in the wp-content folder. • https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. El plugin Download Plugin de WordPress versiones anteriores a 1.6.1, no tiene comprobaciones de capacidad y de tipo CSRF en la acción dpwap_plugin_activate AJAX, que permite a cualquier usuario autenticado, como los suscriptores, activar plugins que ya están instalados • https://wpscan.com/vulnerability/4ed8296e-1306-481f-9a22-723b051122c0 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-732: Incorrect Permission Assignment for Critical Resource •