All 4 CVE vulnerabilities found in Download Attachments, with AI-generated Chinese analysis, references, and POCs.
Vendor: Unknown
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39616 | WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability CWE-639 | 9.1AI | CriticalAI | 2026-04-08 |
| CVE-2025-49995 | WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability CWE-639 | 5.3 | Medium | 2025-06-20 |
| CVE-2024-3230 | Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 | 6.4 | Medium | 2024-06-04 |
| CVE-2023-0076 | Download Attachments < 1.3 - Contributor+ Stored XSS | 5.4 | - | 2023-03-06 |
All 4 known CVE vulnerabilities affecting Download Attachments with full Chinese analysis, references, and POCs where available.