Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4, Critical: 0, High: 1, Medium: 3
Showing 1-4 of 4 records

Threat Entry Updated 2025-07-09

CVE-2025-6586 - Download Plugin

The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Download

CVE-2025-6586

HIGH CVSS 7.2 2025-07-04

Threat Entry Updated 2024-10-25

CVE-2024-9829 - Download Plugin

The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and to download metadata for any user, including user PII and sensitive information such as username, email, hashed passwords and application passwords, session token information and more, depending on setup and additional plugins installed.

PLUGIN Download

CVE-2024-9829

MEDIUM CVSS 6.5 2024-10-23

Threat Entry Updated 2025-04-25

CVE-2021-25059 - Download Plugin

The Download Plugin WordPress plugin before 2.0.0 does not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any user with an account on the site (such as a subscriber) to download a full copy of the website.

PLUGIN Download

CVE-2021-25059

MEDIUM CVSS 4.3 2022-11-28

Threat Entry Updated 2024-11-21

CVE-2021-24703 - Download Plugin

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated user, such as a subscriber, to activate plugins that are already installed.

PLUGIN Download

CVE-2021-24703

MEDIUM CVSS 5.7 2021-11-23