CVE-2021-25059

Name of the Vulnerable Software and Affected Versions The Download Plugin WordPress plugin versions prior to 2.0.0

Description The issue arises from improper validation of user privileges to access a backup's nonce identifier. This may allow any users with an account on the site, such as subscribers, to download a full copy of the website.

Recommendations For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to backup functionality to minimize the risk of exploitation.