Security Advisory

CVE-2021-25059

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-28 13:47:09

Last updated 2025-04-25 15:03:10

Assigner WPScan

State PUBLISHED

Description

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backups nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

← Browse all CVEs View on cve.org ↗