VYPR
Unrated severityNVD Advisory· Published Nov 28, 2022· Updated Apr 25, 2025

Download Plugin < 2.0.0 - Subscriber+ Website Download

CVE-2021-25059

Description

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2021-25059 · VYPR