Z-Downloads WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability exists in the Z-Downloads WordPress plugin in versions prior to 1.11.5, where the plugin fails to properly validate uploaded files. This flaw allows high-privilege users, such as administrators, to upload arbitrary files to the server, even in situations where such actions should be restricted, like in a multisite environment.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, potentially allowing for further actions such as executing uploaded files if the server is configured to do so.

Remediation

Users are advised to update the Z-Downloads WordPress plugin to version 1.11.5 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.0
exploitability: 6.3
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.