11 matches found
WordPress Download Panel plugin unauthorized settings modification vulnerability
WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...
CVE-2025-12961
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
EUVD-2025-197935
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
CVE-2025-12961
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
CVE-2025-12961 Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
CVE-2025-12961 Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
CVE-2025-12961
The WordPress Download Panel plugin is vulnerable to unauthorized settings modification in all versions up to and including 1.3.3 due to a missing capability check on the wp_ajax_save_settings AJAX action inside the dlpn_save_settings() function. This allows authenticated attackers with Subscribe...
PT-2025-47264
Name of the Vulnerable Software and Affected Versions Download Panel plugin for WordPress versions up to and including 1.3.3 Description The Download Panel plugin for WordPress is susceptible to unauthorized settings modification. This is caused by a missing capability check on the 'wp ajax save...
WordPress plugin Download Panel 安全漏洞
WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...
WordPress Download Panel plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Ivan Cese in WordPress Plugin Download Panel Biggiko Team versions = 1.3.3...
Mozilla Firefox Filename Spoofing Vulnerability
Mozilla Firefox browser Firefox is a free and open source browser for Windows, Linux and MacOSX platforms. A filename spoofing vulnerability exists in Mozilla Firefox in the Download panel. A remote user can use Unicode characters to spoof filenames in the Download panel...