2022-11-28 13:47:09
WPScan
PUBLISHED
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backups nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.