The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the dpwap_handle_download_user and dpwap_handle_download_comment functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed.
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Download_plugin | Metagauss | * | 2.2.1 (excluding) |
Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user’s privileges and any permissions or other access-control specifications that apply to the resource. When access control checks are not applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution.