cleantalk
Vulnerabilities and Security Researches

Zip Attachments, CVE-2025-11701

CVE, Research URL

CVE-2025-11701

Home page URL

Security reports for Zip Attachments

Application

Zip Attachments

Published on
Oct 15, 2025
Research Description
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the za_create_zip_callback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to download attachments from private and password-protected posts.
Affected versions
max 1.6.
Status
vulnerable
Previous vulnerability researches
GenerateBlocks (CVE-2024-13546) , Mar 01, 2025
GenerateBlocks (CVE-2024-1452) , Jun 06, 2024
GenerateBlocks (CVE-2021-24751) , Jun 06, 2024
GenerateBlocks (CVE-2025-11879) , Nov 10, 2025
New vulnerability
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-10567) , Nov 10, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-10185) , Nov 10, 2025
Auto Login After Registration (CVE-2025-49946) , Nov 10, 2025
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-9196) , Nov 10, 2025
Multi Item Responsive Slider (CVE-2025-11992) , Nov 10, 2025