CVE-2025-11701

The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...

CVE-2025-11701

The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...

EUVD-2025-34547

The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the...

CVE-2025-11692

CVE-2025-11692 affects the Zip Attachments WordPress plugin (versions up to 1.6). The vulnerability is due to missing authorization/capability checks on download.php, enabling unauthenticated attackers to delete arbitrary files in the wp_upload_dir. Connected sources (Wordfence, NVD, CVE records)...

CVE-2015-4694

CVE-2015-4694 affects the WordPress Zip Attachments plugin (versions before 1.5.1). A directory traversal flaw in download.php (za_file parameter) allows an attacker to read arbitrary files. Public references describe this as an arbitrary file retrieval/vulnerability in the plugin. Remediation: u...

WordPress Zip Attachments Plugin Arbitrary File Download Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in the WordPress Zip Attachments plugin, which allows remote attackers to exploit the vulnerability by submitting a...