VYPR

Download From Files

by WordPress

CVEs (1)

  • CVE-2021-47940CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint…