Vulnerabilities and security researches forwp-downgrade wp-downgrade

Jun 07, 2024

CVE, Research URL: CVE-2022-1001
Home page URL: Security reports for WP Downgrade | Specific Core Version
Application: WP Downgrade | Specific Core Version
Date: Apr 18, 2022
Research Description: The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is disallowed
Affected versions: Min -, max -.
Status: vulnerable

Aug 20, 2025

PSC, Research URL: PSC-2025-64586
Home page URL: Security reports for WP Downgrade | Specific Core Version
Application: WP Downgrade | Specific Core Version
Date: Aug 21, 2025
Research Description: WP Downgrade | Specific Core Version is a vital WordPress plugin that allows administrators to downgrade or update their WordPress Core to a specific release. Unlike the default WordPress update routine, which only installs the latest release, this plugin provides flexible control over Core updates, enabling users to remain on a previous secure version or selectively update to compatible releases. This is particularly useful for sites relying on plugins or themes that are not yet compatible with the latest WordPress release. By forcing WordPress to recognize a chosen version as the latest, WP Downgrade simplifies updates while maintaining compatibility and stability. With the new advanced option, users can manually adjust the download link, enabling tasks like language-specific core downloads or fetching releases from alternative sources—all without compromising security.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED