Vulnerability Details CVE-2021-25059
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.5%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2021-25059
-
cpe:2.3:a:metagauss:download_plugin:-
-
cpe:2.3:a:metagauss:download_plugin:1.6.1
-
cpe:2.3:a:metagauss:download_plugin:1.6.2