The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/fed2cd26-7ccb-419d-b589-978410953bf4/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/fed2cd26-7ccb-419d-b589-978410953bf4/ | Exploit Third Party Advisory |
Configurations
History
28 May 2025, 15:42
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:urbanbase:z-downloads:*:*:*:*:*:wordpress:*:* | |
| CWE | NVD-CWE-noinfo | |
| First Time |
Urbanbase z-downloads
Urbanbase |
|
| References | () https://wpscan.com/vulnerability/fed2cd26-7ccb-419d-b589-978410953bf4/ - Exploit, Third Party Advisory |
15 May 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-05-15 20:15
Updated : 2025-05-28 15:42
NVD link : CVE-2024-8673
Mitre link : CVE-2024-8673
JSON object : View
Products Affected
urbanbase
- z-downloads
CWE