CVE-2025-6586 | Download Plugin up to 2.2.8 on WordPress dpwap_plugin_locInstall unrestricted upload

July 3, 2025 Yanac

A vulnerability classified as critical has been found in Download Plugin up to 2.2.8 on WordPress. Affected is the function dpwap_plugin_locInstall. The manipulation leads to unrestricted upload.

This vulnerability is traded as CVE-2025-6586. It is possible to launch the attack remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-6814 | Booking X Plugin up to 1.1.2 on WordPress HTTP POST Request export_now authorization
CVE-2025-5956 | WP Human Resource Management Plugin up to 2.2.17 on WordPress ajax_delete_employee delete authorization