WordPress Plugin Vulnerabilities

Download After Email 2.1.5 - 2.1.6 - Unauthorized Repeated Form Submissions

Description

The Download After Email – Subscribe & Download Form Plugin plugin for WordPress is vulnerable to unauthorized repeated form submission in versions 2.1.5 to 2.1.6. This is due to the plugin not properly limiting the number of requests a user can make. This makes it possible for unauthenticated attackers to initiate a download request several times.

Affects Plugins

Plugin icon
download-after-email
Fixed in 2.1.7

References

CVE
CVE-2025-54743
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7663359c-259e-4d74-8e62-ef4adda3a693

Miscellaneous

Original Researcher
Marcin 'maskopatol' Nowak
Verified
No
WPVDB ID
7e34d14b-80e2-412a-bb6b-3c95f11faaf0

Timeline

Publicly Published
2025-09-25 (about 6 months ago)
Added
2025-09-30 (about 6 months ago)
Last Updated
2025-09-30 (about 6 months ago)

Other

Published
Title
Published
2021-10-25
Title
Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS
Published
2014-08-27
Title
WordPress 3.5-3.7.1 - XML-RPC Denial of Service
Published
2024-07-03
Title
Premium Addons for Elementor < 4.10.36 - Regular Expressions Denial of Service
Published
2023-10-12
Title
WP < 6.3.2 - Denial of Service via Cache Poisoning
Published
2016-08-20
Title
WordPress 4.5.3 - Authenticated Denial of Service (DoS)