CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:39

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e - Exploit () https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e - Exploit

05 Jun 2023, 14:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References (MISC) https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e - (MISC) https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e - Exploit
CPE cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:*

30 May 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-30 08:15

Updated : 2024-11-21 07:39


NVD link : CVE-2023-1524

Mitre link : CVE-2023-1524

CVE.ORG link : CVE-2023-1524


JSON object : View

Products Affected

wpdownloadmanager

  • download_manager
CWE

No CWE.