Zip Attachments

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the current wp_upload_dir directory.

Basic Information

ID CVE-2025-11692

Source Wordfence

Published Oct 15, 2025 at 08:25

Affected Product

Vendor quicoto

Product Zip Attachments

Version *

Affected Versions quicoto Zip Attachments *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the current wp_upload_dir directory.",
    "published": "2025-10-15T08:25:59.373Z",
    "modified": "2025-10-15T08:25:59.373Z",
    "type": "cve",
    "title": "Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8d746f-82e2-4615-92bb-35d20124dc56?source=cve\nhttps://plugins.trac.wordpress.org/browser/zip-attachments/tags/1.6/download.php#L27",
    "id": "CVE-2025-11692",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "quicoto Zip Attachments *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Zip Attachments",
    "version": "*",
    "vendor": "quicoto",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion_CVE-2025-11692