cleantalk
Vulnerabilities and Security Researches

Download Attachments, CVE-2025-49995

CVE, Research URL

CVE-2025-49995

Home page URL

Security reports for Download Attachments

Application

Download Attachments

Published on
Jun 20, 2025
Research Description
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through 1.3.1.
Affected versions
Min -, max 1.3.1.
Status
vulnerable
Previous vulnerability researches
Free WP Mail SMTP (Official – 2019) (CVE-2025-28974) , Jun 15, 2025
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin (68ce888a3bdc02e62b7d57497d9bebac954992db) , Jun 06, 2024
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin (CVE-2024-6694) , Jul 21, 2024
New vulnerability
Import YouTube videos as WP Posts (CVE-2025-52802) , Jun 23, 2025
Download Attachments (CVE-2025-49995) , Jun 23, 2025
WP User Profile Avatar (CVE-2025-49980) , Jun 23, 2025
Mailing Group Listserv (CVE-2025-50036) , Jun 23, 2025
XML Travel Portal Widget (CVE-2025-49968) , Jun 23, 2025