CVE-2021-25059 - Vulnerability Details - OpenCVE

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Metagauss	Download Plugin

Configuration 1 [-]

cpe:2.3:a:metagauss:download_plugin:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629

History

Fri, 25 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-11-28T13:47:09.324Z

Updated: 2025-04-25T15:03:10.128Z

Reserved: 2021-01-14T15:03:46.862Z

Link: CVE-2021-25059

Vulnrichment

Updated: 2024-08-03T19:49:14.560Z

NVD

Status : Modified

Published: 2022-11-28T14:15:10.663

Modified: 2025-04-25T15:15:29.763

Link: CVE-2021-25059

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-25059", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2021-01-14T15:03:46.862Z", "datePublished": "2022-11-28T13:47:09.324Z", "dateUpdated": "2025-04-25T15:03:10.128Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-11-28T13:47:09.324Z"}, "title": "Download Plugin < 2.0.0 - Subscriber+ Website Download", "problemTypes": [{"descriptions": [{"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Download Plugin", "collectionURL": "https://wordpress.org/plugins", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "2.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website."}], "references": [{"url": "https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629", "tags": ["exploit", "technical-description"]}], "credits": [{"lang": "en", "value": "apple502j", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:49:14.560Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629", "tags": ["exploit", "technical-description", "x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-25T15:02:41.296146Z", "id": "CVE-2021-25059", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T15:03:10.128Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629", "tags": ["exploit", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:49:14.560Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-25059", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-25T15:02:41.296146Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T15:03:05.196Z"}}], "cna": {"title": "Download Plugin < 2.0.0 - Subscriber+ Website Download", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "apple502j"}], "affected": [{"vendor": "Unknown", "product": "Download Plugin", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.0", "versionType": "custom"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629", "tags": ["exploit", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-11-28T13:47:09.324Z"}}}, "cveMetadata": {"cveId": "CVE-2021-25059", "state": "PUBLISHED", "dateUpdated": "2025-04-25T15:03:10.128Z", "dateReserved": "2021-01-14T15:03:46.862Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2022-11-28T13:47:09.324Z", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metagauss:download_plugin:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "61197EF0-5026-40EE-9A00-7FF538C97DD0", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website."}, {"lang": "es", "value": "El complemento Download Plugin de WordPress anterior a 2.0.0 no valida adecuadamente que un usuario tenga los privilegios necesarios para acceder al identificador nonce de una copia de seguridad, lo que puede permitir a cualquier usuario con una cuenta en el sitio (como un suscriptor) descargar una copia completa del sitio web."}], "id": "CVE-2021-25059", "lastModified": "2025-04-25T15:15:29.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-28T14:15:10.663", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}