CVE-2025-11072
CVE-2025-11072 concerns the MelAbu WP Download Counter Button WordPress plugin (versions up to 1.8.6.7). The issue is that the plugin does not validate the file path for downloads, which could allow an unauthenticated attacker to read/download arbitrary files. In public disclosures, Patchstack an...