VYPR
Unrated severityNVD Advisory· Published Nov 23, 2021· Updated Aug 3, 2024

Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation

CVE-2021-24703

Description

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.