Vulnerability Details CVE-2021-24703
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 3.5
References
Products affected by CVE-2021-24703
-
cpe:2.3:a:metagauss:download_plugin:-