Vulnerabilities > Metagauss > Download Plugin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-28 | CVE-2022-36345 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions. | 8.8 |
| 2022-11-28 | CVE-2021-25059 | Unspecified vulnerability in Metagauss Download Plugin 1.6.1/1.6.2 The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | 4.3 |
| 2021-11-23 | CVE-2021-24703 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. | 5.7 |