The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
CVE ID: CVE-2024-8699
CVSS Base Severity: HIGH
CVSS Base Score: 7.2
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor: Unknown
Product: Z-Downloads
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 17.21% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)