cleantalk
Vulnerabilities and Security Researches

Download Plugin, CVE-2021-25059

CVE, Research URL

CVE-2021-25059

Home page URL

Security reports for Download Plugin

Application

Download Plugin

Published on
Nov 28, 2022
Research Description
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
Affected versions
Min -, max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Download Plugin (CVE-2024-9829) , Oct 24, 2024
Download Plugin (CVE-2021-25059) , Jun 07, 2024
Download Plugin (CVE-2022-36345) , Jun 07, 2024
Download Plugin (CVE-2021-24703) , Jun 07, 2024
Download Plugin (CVE-2025-6586) , Jul 05, 2025
New vulnerability
WP Compress – Image Optimizer [All-In-One] (CVE-2025-47479) , Jul 05, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-5567) , Jul 05, 2025
URL Shortener Plugin For WordPress (CVE-2025-28963) , Jul 05, 2025
WP Travel Gutenberg Blocks (CVE-2025-53207) , Jul 05, 2025
PayMaster for WooCommerce (CVE-2025-6729) , Jul 05, 2025