CVE-2026-32536
Received Received - Intake
Unrestricted File Upload Vulnerability in Green Downloads

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32536
EUVD
EUVD-2026-15910
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
halfdata green_downloads to 2.08 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32536 is an Arbitrary File Upload vulnerability in the WordPress Green Downloads Plugin versions up to and including 2.08. It allows attackers to upload any type of file, including malicious backdoors, to a website. These uploaded files can then be executed to gain unauthorized access or control over the affected website.

The vulnerability is classified as critical with a CVSS score of 9.9 and falls under the OWASP Top 10 category A3: Injection. It requires only subscriber-level privileges to exploit, making it highly dangerous and easy to abuse.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to your website through malicious files uploaded by attackers. These files can act as backdoors, allowing attackers to execute arbitrary code, compromise website data, deface the site, or use the site as a platform for further attacks.

Because the exploit requires only subscriber-level privileges, it increases the risk of exploitation even by less privileged users, potentially leading to widespread compromise.

The vulnerability is considered highly dangerous and likely to be exploited in mass campaigns targeting many websites, regardless of their traffic or popularity.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Green Downloads Plugin to version 2.09 or later, which contains the patch that resolves the issue.

For users unable to update immediately, applying a mitigation rule that blocks exploitation attempts is recommended until the patch can be applied.

Using automatic updates and continuous protection through security platforms like Patchstack can also help prevent exploitation.

Compliance Impact

The vulnerability allows attackers to upload and execute malicious files, potentially leading to unauthorized access and data breaches.

Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.

Immediate mitigation is recommended to prevent exploitation that could result in violations of these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32536. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart