cleantalk
Vulnerabilities and Security Researches

Zip Attachments, CVE-2025-11692

CVE, Research URL

CVE-2025-11692

Home page URL

Security reports for Zip Attachments

Application

Zip Attachments

Published on
Oct 15, 2025
Research Description
The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the current wp_upload_dir directory.
Affected versions
max 1.6.
Status
vulnerable
Previous vulnerability researches
Schema & Structured Data for WP & AMP (CVE-2024-49683) , Oct 25, 2024
Schema & Structured Data for WP & AMP (CVE-2025-11502) , Nov 10, 2025
Schema & Structured Data for WP & AMP (CVE-2025-9512) , Oct 11, 2025
Schema & Structured Data for WP & AMP (CVE-2024-1586) , Jun 07, 2024
Schema & Structured Data for WP & AMP (CVE-2023-51677) , Jun 07, 2024
New vulnerability
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-10185) , Nov 10, 2025
Auto Login After Registration (CVE-2025-49946) , Nov 10, 2025
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-9196) , Nov 10, 2025
Multi Item Responsive Slider (CVE-2025-11992) , Nov 10, 2025
Restrict User Registration (CVE-2023-53599) , Nov 10, 2025