Wp File Download

1 CVEs product


CVE-2025-5034 HIGH POC PATCH This Week

CVE-2025-5034 is a reflected cross-site scripting (XSS) vulnerability in the wp-file-download WordPress plugin in versions before 6.2.6, caused by a failure to sanitize and escape user-supplied parameters before output. Attackers can craft malicious URLs containing JavaScript payloads that execute in victims' browsers when clicked, potentially stealing session cookies, hijacking accounts, or performing unauthorized actions. The vulnerability requires user interaction (clicking a link) but affects all users and requires no authentication, making it a moderate-to-significant risk for WordPress installations using this plugin.

WordPress XSS PHP Wp File Download
NVD WPScan
CVSS 3.1: 7.1
EPSS: 0.1%
