43 matches found
Z-Downloads < 1.11.7 - Cross-Site Scripting
The plugin does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.
id: CVE-2024-8673
info:
  name: Z-Downloads 1.11.7 - Cross-Site Scripting
  author: Splint3r7
  severity: low
  description: |
    The plugin does not properly validate uploaded files...
CVE-2024-34555
Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3...
EUVD-2024-34858
Malicious code in bioql PyPI...
EUVD-2024-52333
Malicious code in bioql PyPI...
CVE-2024-54206
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in URBAN BASE Z-Downloads z-downloads allows Stored XSS. This issue affects Z-Downloads: from n/a through = 1.11.7...
WordPress Z-Downloads plugin < 1.11.6 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Minh Giang & Christopher Houk in WordPress Plugin Z-Downloads versions 1.11.6...
WordPress Z-Downloads plugin < 1.11.5 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Minh Giang & Christopher Houk in WordPress Plugin Z-Downloads versions 1.11.5...
CVE-2024-8703
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...
CVE-2024-8699
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2024-8673
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript...
CVE-2024-8703
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...
CVE-2024-8703
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...
CVE-2024-8699
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2024-8673
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript...
CVE-2024-8699
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2024-8703
The CVE reports a stored Cross-Site Scripting vulnerability in the Z-Downloads WordPress plugin prior to version 1.11.6. The root cause is insufficient sanitisation/escaping of certain parameters when they are output on share URLs, enabling unauthenticated users to inject script code. Affected so...
CVE-2024-8703 Z-Downloads < 1.11.6 - Unauthenticated Stored XSS
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...
CVE-2024-8703 Z-Downloads < 1.11.6 - Unauthenticated Stored XSS
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs...
CVE-2024-8673 Z-Downloads < 1.11.7 - Admin+ Stored XSS via SVG Upload
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript...
CVE-2024-8699 Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...