PT-2025-21529 · WordPress · Z-Downloads
Bob Matyas · Published 2025-05-15 · Updated 2025-05-28 · CVE-2024-8673
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Z-Downloads versions prior to 1.11.7
Description:
The Z-Downloads WordPress plugin does not properly validate uploaded files, which allows SVG files containing malicious JavaScript to be uploaded.
Recommendations:
For versions prior to 1.11.7, update to version 1.11.7 or later to resolve the issue. As a temporary workaround, consider restricting the upload of SVG files or disabling the file upload feature until the update is applied.
Affected Products
Z-Downloads