Incorrect Access Control in dFactory Download Attachments

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Incorrect Access Control in dFactory Download Attachments

CVE-2026-39616

Summary

A security issue in dFactory Download Attachments allows unauthorized access to sensitive files if access controls are not properly set. This affects all versions up to 1.4.0. Update to the latest version to ensure proper access controls are enforced.

Original title

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This iss...

Original description

Vulnerability type

CWE-639 Authorization Bypass Through User-Controlled Key

https://patchstack.com/database/Wordpress/Plugin/download-attachments/vulnerabil...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026