RSS   Vulnerabilities for 'Download plugin'   RSS

2021-11-23
 
CVE-2021-24703

CWE-732
 

 
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.

 

 >>> Vendor: Metagauss 4 Products
Profilegrid
Registrationmagic
Download plugin
Leadmagic


Copyright 2024, cxsecurity.com

 

Back to Top