Vulnerabilities and security researches forfiles-download-delay files-download-delay

Jun 07, 2024

CVE, Research URL: CVE-2022-1570
Home page URL: Security reports for Files Download Delay
Application: Files Download Delay
Date: Jun 08, 2022
Research Description: The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.
Affected versions: max 1.0.7.
Status: vulnerable

CVE, Research URL: 124ec61bb40bd2adc543e0ac585aaa2cd8366dbe
Home page URL: Security reports for Files Download Delay
Application: Files Download Delay
Date: Feb 28, 2022
Research Description: Files Download Delay [files-download-delay] < 1.0.4 (closed) WordPress Files Download Delay plugin < 1.0.4 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Files Download Delay plugin (versions < 1.0.4).
Affected versions: max 1.0.4.
Status: vulnerable

Jan 10, 2025

CVE, Research URL: CVE-2024-12493
Home page URL: Security reports for Files Download Delay
Application: Files Download Delay
Date: Jan 09, 2025
Research Description: The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.9.
Status: vulnerable

Jun 13, 2026

CVE, Research URL: CVE-2023-33999
Home page URL: Security reports for Files Download Delay
Application: Files Download Delay
Date: Jun 11, 2026
Research Description: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
Affected versions: max 1.0.9.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 83c3cbc04212eed59c22955c24f7c4034c6c746e
Home page URL: Security reports for Files Download Delay
Application: Files Download Delay
Date: Feb 28, 2022
Research Description: Files Download Delay [files-download-delay] < 1.0.4 (closed) WordPress Files Download Delay plugin < 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Files Download Delay plugin (versions < 1.0.4).
Affected versions: max 1.0.4.
Status: vulnerable