CVE-2025-11072

Name of the Vulnerable Software and Affected Versions MelAbu WP Download Counter Button WordPress plugin versions through 1.8.6.7

Description The plugin does not properly check the location of files before allowing downloads. This could allow someone without an account to access and download any file on the server. The issue involves a lack of validation of file paths.

Recommendations Update to a version beyond 1.8.6.7.