Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Download_plugin
(Metagauss)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-28 | CVE-2021-25059 | The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | Download_plugin | 4.3 | ||
| 2023-05-28 | CVE-2022-36345 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download PluginĀ <= 2.0.4 versions. | Download_plugin | 8.8 | ||
| 2021-11-23 | CVE-2021-24703 | The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. | Download_plugin | 5.7 |