Back to search
CVE-2021-25059
Published: Nov 28, 2022
Modified: Apr 25, 2025
PUBLISHED
Description
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Download Plugin | affected 0 - < 2.0.0 |
References
https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629
exploit
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now