CVE-2024-8699

Name of the Vulnerable Software and Affected Versions Z-Downloads WordPress plugin versions prior to 1.11.5

Description The issue allows high privilege users, such as admin, to upload arbitrary files on the server even when they should not be allowed to, for example in a multisite setup. This is due to the plugin not properly validating files uploaded.

Recommendations For versions prior to 1.11.5, update to version 1.11.5 or later to resolve the issue. As a temporary workaround, consider restricting file upload permissions for high privilege users to minimize the risk of exploitation.