Vulnerabilities > Metagauss > Download Plugin > 1.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-9829 | Missing Authorization vulnerability in Metagauss Download Plugin The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. | 6.5 |
| 2023-05-28 | CVE-2022-36345 | Unspecified vulnerability in Metagauss Download Plugin Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions. | 8.8 |
| 2022-11-28 | CVE-2021-25059 | Unspecified vulnerability in Metagauss Download Plugin 1.6.1/1.6.2 The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | 4.3 |