The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-23T19:16:07
Updated: 2024-08-03T19:42:16.132Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24703
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-11-23T20:15:09.757
Modified: 2022-10-24T16:32:49.710
Link: CVE-2021-24703
Redhat
No data.