Vulnerabilities > CVE-2021-25059 - Unspecified vulnerability in Metagauss Download Plugin 1.6.1/1.6.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |