Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical0
High0
Medium3
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2025-12-18

CVE-2025-14399 - Download Plugins And Themes In Zip From Dashboard

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the download_plugin_bulk and download_theme_bulk functions. This makes it possible for unauthenticated attackers to archive all the sites plugins and themes and place them in the `wp-content/uploads/` directory via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Download Plugins And Themes In Zip From Dashboard

CVE-2025-14399

MEDIUM CVSS 4.3 2025-12-17
Open Full Technical Breakdown
Threat Entry Updated 2024-10-15

CVE-2024-9232 - Download Plugins And Themes In Zip From Dashboard

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Download Plugins And Themes In Zip From Dashboard

CVE-2024-9232

MEDIUM CVSS 6.1 2024-10-11
Open Full Technical Breakdown
Threat Entry Updated 2024-08-19

CVE-2024-7501 - Download Plugins And Themes In Zip From Dashboard

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attackers to download arbitrary themes from the website via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. In versions prior to 1.8.6 it was possible to download the entire sites files.

PLUGIN Download Plugins And Themes In Zip From Dashboard

CVE-2024-7501

MEDIUM CVSS 4.2 2024-08-16
Open Full Technical Breakdown
Scroll to top