4 matches found
WordPress Z-Downloads plugin < 1.11.5 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Minh Giang & Christopher Houk in WordPress Plugin Z-Downloads versions 1.11.5...
CVE-2024-8699
The CVE targets the Z-Downloads WordPress plugin prior to version 1.11.5. Affected component: file upload handling in the plugin. Root cause: uploaded files are not properly validated, enabling high-privilege users (e.g., admins) to upload arbitrary files on the server, including in multisite con...
CVE-2024-8699 Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2024-8699 Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...