cleantalk
Vulnerabilities and Security Researches

Download Plugin, CVE-2021-24703

CVE, Research URL

CVE-2021-24703

Home page URL

Security reports for Download Plugin

Application

Download Plugin

Published on
Nov 24, 2021
Research Description
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
Affected versions
Min -, max 1.0.2.
Status
vulnerable
Previous vulnerability researches
Download Plugin (CVE-2024-9829) , Oct 24, 2024
Download Plugin (CVE-2021-25059) , Jun 07, 2024
Download Plugin (CVE-2022-36345) , Jun 07, 2024
Download Plugin (CVE-2021-24703) , Jun 07, 2024
Download Plugin (CVE-2025-6586) , Jul 05, 2025
New vulnerability
WP Compress – Image Optimizer [All-In-One] (CVE-2025-47479) , Jul 05, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-5567) , Jul 05, 2025
URL Shortener Plugin For WordPress (CVE-2025-28963) , Jul 05, 2025
WP Travel Gutenberg Blocks (CVE-2025-53207) , Jul 05, 2025
PayMaster for WooCommerce (CVE-2025-6729) , Jul 05, 2025