14 matches found
CVE-2025-14399
Technical details for CVE-2025-14399 are not publicly provided in the supplied documents; monitor for updates from Wordfence/WordPress vulnerability feeds.
EUVD-2019-7655
Malware in sbrugna...
CVE-2024-35162
Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switchthemes" privilege may obtain arbitrary files on the server...
PT-2025-2634 · Ibm · Bigfix Patch Download Plug-Ins
Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins affected versions not specified Description: The issue concerns a path traversal vulnerability. This could allow operators to download files from a local repository that is vulnerable to path traversal attacks...
CVE-2024-9232 Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to...
CVE-2024-9232
The WordPress plugin Download Plugins and Themes in ZIP from Dashboard is vulnerable to Reflected XSS in versions ≤ 1.9.1 due to improper escaping of URLs via add_query_arg, enabling unauthenticated attackers to inject scripts if a user is persuaded to click a crafted link. Affected: Download Plu...
WordPress Download Plugins and Themes in ZIP from Dashboard plugin <= 1.9.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Download Plugins and Themes from Dashboard versions = 1.9.1...
CVE-2024-7501 Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the downloadtheme function. This makes it possible for unauthenticated...
CVE-2024-35162
Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switchthemes" privilege may obtain arbitrary files on the server...
CVE-2024-35162
Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switchthemes" privilege may obtain arbitrary files on the server...
CVE-2024-35162
Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switchthemes" privilege may obtain arbitrary files on the server...
CVE-2022-42451
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user...
WordPress download-plugins-dashboard plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress download-plugins-dashboard plugin. The...
CVE-2019-17239
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues...