cleantalk
Vulnerabilities and Security Researches

Z-Downloads, CVE-2024-8703

CVE, Research URL

CVE-2024-8703

Home page URL

Security reports for Z-Downloads

Application

Z-Downloads

Published on
May 16, 2025
Research Description
The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs.
Affected versions
Min -, max 1.11.6.
Status
vulnerable
Previous vulnerability researches
UiPress lite | Effortless custom dashboards, admin themes and pages (CVE-2025-1309) , Mar 09, 2025
UiPress lite | Effortless custom dashboards, admin themes and pages (CVE-2024-38788) , Jul 22, 2024
UiPress lite | Effortless custom dashboards, admin themes and pages (CVE-2025-3053) , May 15, 2025
New vulnerability
Melapress File Monitor (CVE-2024-9879) , May 19, 2025
Polls CP (CVE-2024-8854) , May 19, 2025
Polls CP (CVE-2024-8851) , May 19, 2025
Widgets Reset (CVE-2024-8082) , May 19, 2025
MapPress Maps for WordPress (CVE-2024-8620) , May 19, 2025