Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Download_plugin
(Metagauss)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-23 | CVE-2021-24703 | The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. | Download_plugin | 5.7 | ||
| 2022-11-28 | CVE-2021-25059 | The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | Download_plugin | 4.3 | ||
| 2023-05-28 | CVE-2022-36345 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download PluginĀ <= 2.0.4 versions. | Download_plugin | 8.8 | ||
| 2024-10-23 | CVE-2024-9829 | The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and... | Download_plugin | 6.5 |