Description
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/4ed8296e-1306-481f-9a22-723b051122c0
Scores
CVSS v3
5.7
EPSS
0.0017
EPSS Percentile
37.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
CWE-732
Status
published
Products (1)
metagauss/download_plugin
< 1.6.1
Published
Nov 23, 2021
Tracked Since
Feb 18, 2026