2 matches found
CVE-2024-9829
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwaphandledownloaduser' and 'dpwaphandledownloadcomment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, wit...
WordPress Download Plugin Plugin <= 2.2.0 is vulnerable to Broken Access Control
Software Download Plugin Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9829 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID da1ab1cf4af2 Credits WordFence Required...