CVE-2025-14633

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

EUVD-2025-204627

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

CVE-2025-14633

The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...

CVE-2025-14633

CVE-2025-14633 affects the F70 Lead Document Download plugin for WordPress (versions ≤ 1.4.4). A missing capability check in the file_download function allows unauthenticated attackers to download any media-library file by enumerating attachment IDs. Wordfence’s entry for this CVE notes the patch...

WordPress plugin F70 Lead Document Download 安全漏洞

...

WordPress F70 Lead Document Download plugin <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability

Missing Authorization to Unauthenticated Arbitrary Media File Download vulnerability discovered by ChamlaVic in WordPress Plugin F70 Lead Document Download versions = 1.4.4...