37 matches found
CVE-2026-42071
Summary: CVE-2026-42071 affects MantisBT, specifically versions 2.23.0 through 2.28.1, where a missing authorization check in the file visibility function allows any authenticated user (REPORTER+) to download attachments from private bugnotes via REST API GET /api/rest/issues/{id}/files and SOAP ...
CVE-2026-39616
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through <= 1.4.0...
EUVD-2026-20255
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through <= 1.4.0...
CVE-2026-39616 WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through <= 1.4.0...
CVE-2026-39616
CVE-2026-39616 affects the WordPress Download Attachments plugin
PT-2026-31181
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through <= 1.4.0...
EUVD-2025-28346
Malicious code in bioql PyPI...
EUVD-2024-45927
Malicious code in bioql PyPI...
WordPress Download Attachments plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress Download Attachments plugin that stems from a user control key leading to an authorization bypass, no details of...
CVE-2025-49995
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through <= 1.3.1...
CVE-2025-49995 WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through <= 1.3.1...
CVE-2025-49995
CVE-2025-49995 concerns the WordPress Download Attachments plugin (versions
CVE-2025-49995 WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through 1.3.1...
WordPress plugin Download Attachments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress Download Attachments plugin that stems from a user control key leading to an authorization bypass, no details of...
PT-2025-26361 · Unknown · Dfactory Download Attachments
Name of the Vulnerable Software and Affected Versions: dFactory Download Attachments versions n/a through 1.3.1 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability, which allows exploiting incorrectly configured access control security levels. Th...
CVE-2024-3230
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...