WordPress Plugin Vulnerabilities

Download < 2.0.5 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an attacker to trick a logged in high privilege user to perform actions on their behalf by submitting a crafted request.

Affects Plugins

Plugin icon
download-plugin
Fixed in 2.0.5

References

CVE
CVE-2022-36345

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
601dbe65-15c9-4203-892d-d320c611233e

Timeline

Publicly Published
2023-05-24 (about 2 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2022-09-11
Title
RD Station < 5.2.1 - Multiple CSRF
Published
2024-12-24
Title
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages < 3.2.8 - Cross-Site Request Forgery
Published
2023-07-26
Title
WP Tell a Friend Popup Form <= 7.1 - Settings Update via CSRF
Published
2022-05-30
Title
PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
Published
2026-04-30
Title
WP Editor < 1.2.9.3 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor