WordPress Plugin Vulnerabilities

Download Plugin < 2.2.1 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download

Description

The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed.

Affects Plugins

Plugin icon
download-plugin
Fixed in 2.2.1

References

CVE
CVE-2024-9829
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e0891211-e4b3-4dcf-8ee0-e20abeb91640

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
stealthcopter, Brian Sans-Souci (liardom)
Verified
No
WPVDB ID
ccb1bcaf-d88f-4a6f-9208-c740e83e03f7

Timeline

Publicly Published
2024-10-22 (about 1 year ago)
Added
2024-10-22 (about 1 year ago)
Last Updated
2024-10-23 (about 1 year ago)

Other

Published
Title
Published
2022-12-16
Title
ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup
Published
2024-07-01
Title
CRM Perks Forms < 1.1.6 - Missing Authorization to Unauthenticated Form Submission
Published
2025-01-07
Title
Title Experiments Free <= 9.0.4 - Missing Authorization
Published
2025-08-26
Title
Javo Core <= 3.0.0.529 - Unauthenticated Arbitrary Content Deletion
Published
2024-11-20
Title
Multiple Themes - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation