Urbanbase Z-downloads
3 CVEs affecting Urbanbase Z-downloads. Latest disclosed: 2025-05-15. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-8673 | Critical | 9.1 | 2025-05-15 | The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. |
CVE-2024-8699 | High | 7.2 | 2025-05-15 | The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files… |
CVE-2024-8703 | Medium | 6.1 | 2025-05-15 | The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated… |