Dfactory Download Attachments
3 CVEs affecting Dfactory Download Attachments. Latest disclosed: 2026-04-08. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3230 | Medium | 6.4 | 2024-06-04 | The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up… |
CVE-2026-39616 | Medium | 5.3 | 2026-04-08 | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured A… |
CVE-2025-49995 | Medium | 5.3 | 2025-06-20 | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured A… |