Vulners
Lucene search
CVE-2025-6586
🗓️ 04 Jul 2025 01:44:03Reported by WordfenceType 
cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 30 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Exploit for Unrestricted Upload of File with Dangerous Type in Metagauss Download_Plugin | 25 Jun 202505:13 | – | githubexploit |
 | CVE-2025-6586 | 4 Jul 202507:35 | – | circl |
 | WordPress plugin Download Plugin code issue vulnerability | 4 Jul 202500:00 | – | cnnvd |
 | CVE-2025-6586 Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload | 4 Jul 202501:44 | – | cvelist |
 | EUVD-2025-19921 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-6586 | 4 Jul 202503:15 | – | nvd |
 | WordPress Download Plugin plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload vulnerability | 3 Jul 202523:42 | – | patchstack |
 | PT-2025-27848 · Unknown · Download Plugin | 4 Jul 202500:00 | – | ptsecurity |
 | CVE-2025-6586 | 6 Jul 202502:18 | – | redhatcve |
 | CVE-2025-6586 Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload | 4 Jul 202501:44 | – | vulnrichment |
10
Node
[
{
"vendor": "metagauss",
"product": "Download Plugin",
"versions": [
{
"version": "0",
"status": "affected",
"lessThanOrEqual": "2.2.8",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| dpwap_locInstall | request body | /wp-admin/admin.php?page=mul_upload | Admin uploader flow vulnerable to arbitrary file upload via missing file type validation in dpwap_plugin_locInstall | CWE-434 |
| dpwap_locFiles | request body | /wp-admin/admin.php?page=mul_upload | Admin uploader flow vulnerable to arbitrary file upload via missing file type validation in dpwap_plugin_locInstall | CWE-434 |
| dpwap_locInstall | nested | /wp-content/plugins/download-plugin/app/Plugins/templates/multiple_upload_plugin.php | Upload template referenced by multiple_upload_plugin.php used in the vulnerable flow | CWE-434 |
| dpwap_locFiles | nested | /wp-content/plugins/download-plugin/app/Plugins/templates/multiple_upload_plugin.php | Upload template referenced by multiple_upload_plugin.php used in the vulnerable flow | CWE-434 |
| dpwap_locInstall | path | /wp-content/plugins/download-plugin/app/Plugins/Dpwapuploader.php | Dpwapuploader PHP file that handles the locInstall operation enabling file movement to web-accessible directory | CWE-434 |
| dpwap_locFiles | path | /wp-content/plugins/download-plugin/app/Plugins/Dpwapuploader.php | Dpwapuploader PHP file that handles the locInstall operation enabling file movement to web-accessible directory | CWE-434 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Apr 2026 14:16Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.2
EPSS0.00627
SSVC