cleantalk
Vulnerabilities and Security Researches

Zip Attachments, CVE-2025-11701

CVE, Research URL

CVE-2025-11701

Home page URL

Security reports for Zip Attachments

Application

Zip Attachments

Published on
Oct 15, 2025
Research Description
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the za_create_zip_callback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to download attachments from private and password-protected posts.
Affected versions
max 1.6.
Status
vulnerable
Previous vulnerability researches
Schema & Structured Data for WP & AMP (CVE-2024-49683) , Oct 25, 2024
Schema & Structured Data for WP & AMP (CVE-2025-11502) , Nov 10, 2025
Schema & Structured Data for WP & AMP (CVE-2025-9512) , Oct 11, 2025
Schema & Structured Data for WP & AMP (CVE-2024-1586) , Jun 07, 2024
Schema & Structured Data for WP & AMP (CVE-2023-51677) , Jun 07, 2024
New vulnerability
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-10185) , Nov 10, 2025
Auto Login After Registration (CVE-2025-49946) , Nov 10, 2025
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-9196) , Nov 10, 2025
Multi Item Responsive Slider (CVE-2025-11992) , Nov 10, 2025
Restrict User Registration (CVE-2023-53599) , Nov 10, 2025