The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated user, such as a subscriber, to activate plugins that are already installed.
Vulnerable Product |
---|
metagauss download plugin |