Unrated severity · NVD Advisory · Published Nov 23, 2021 · Updated Aug 3, 2024
Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation
CVE-2021-24703
Description
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated user, such as a subscriber, to activate plugins that are already installed.
Affected products
- WordPress/Download Plugin
- Range: <1.6.1
References
- wpscan.com/vulnerability/4ed8296e-1306-481f-9a22-723b051122c0 (mitre, x_refsource_MISC)