CVE-2024-9829

The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed.
Configurations

Configuration 1 (hide)

cpe:2.3:a:metagauss:download_plugin:*:*:*:*:*:wordpress:*:*

History

25 Oct 2024, 16:30

Type Values Removed Values Added
First Time Metagauss download Plugin
Metagauss
CPE cpe:2.3:a:metagauss:download_plugin:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L242 - () https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L242 - Product
References () https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L262 - () https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L262 - Product
References () https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L335 - () https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L335 - Product
References () https://plugins.trac.wordpress.org/changeset/3170600/ - () https://plugins.trac.wordpress.org/changeset/3170600/ - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/e0891211-e4b3-4dcf-8ee0-e20abeb91640?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/e0891211-e4b3-4dcf-8ee0-e20abeb91640?source=cve - Third Party Advisory

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) El complemento Download Plugin para WordPress es vulnerable al acceso no autorizado a los datos debido a la falta de comprobaciones de capacidad en las funciones 'dpwap_handle_download_user' y 'dpwap_handle_download_comment' en todas las versiones hasta la 2.2.0 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, descarguen cualquier comentario y metadatos de cualquier usuario, incluida información de identificación personal del usuario e información confidencial, como nombre de usuario, correo electrónico, contraseñas cifradas y contraseñas de aplicaciones, información de token de sesión y más, según la configuración y los complementos adicionales instalados.

23 Oct 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-23 06:15

Updated : 2024-10-25 16:30


NVD link : CVE-2024-9829

Mitre link : CVE-2024-9829

CVE.ORG link : CVE-2024-9829


JSON object : View

Products Affected

metagauss

  • download_plugin
CWE
CWE-862

Missing Authorization