• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Fullworks WordPress

Fullworks WordPress

WordPress is our Business

  • Plugins
    • Anti Spam
    • Display Eventbrite Events on WordPress
    • Quick Event Manager
    • Quick Paypal Payments
    • Quick Contact Form
  • Documentation
    • Anti Spam
    • Display Eventbrite Events on WordPress
    • Quick Event Manager
    • Quick PayPal Payments
    • Quick Contact Form
  • My Account
  • Contact

Plugin Vulnerability: Download Plugins and Themes from Dashboard

October 2, 2019 by Alan Fuller Leave a Comment

The plugin ‘Download Plugins and Themes from Dashboard’ (https://wordpress.org/plugins/download-plugins-dashboard/) , a plugin that lets you download installed plugins and themes ZIP files directly from your admin dashboard without using FTP with 10,000+ installs has been identified to have multiple security flaws in version less than 1.6.

NinTechNet discovered a multiple security issues within the Download Plugins and Themes from Dashboard WordPress plugin. The plugin’s setting update request did not check for authorisation, allowing an unauthenticated user to inject malicious JavaScript, which would be stored in the backend database. The author released a fixed version (1.6) on Sept 30th.

Recommendation

Our recommendation is to immediately update to version 1.6

Users of FullWorks Security will have been automatically notified of this vulnerability during their code scan.

If you are not a user of Fullworks Security you can sign up for a free 30 day trial

SEE FREE TRIAL OPTIONS

Or you can sign up to our free newsletter below.

Filed Under: Plugin Vulnerabilities

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Reliable and easily configured WordPress Plugins that meets your needs now and in the future.

Information

  • All Plugins’ Docs

About

  • Blog
  • Privacy Policy
  • Terms and Conditions
  • Refund Policy

Newsletter

  • I understand that I am signing up to a newsletter and marketing from Fullworks and I have read and agree to the privacy policy

COPYRIGHT © 2020 · FULLWORKS DIGITAL LTD. A COMPANY REGISTERED IN ENGLAND AND WALES, COMPANY NUMBER: 07720957

  • Home
  • Contact
  • Docs – All Plugins