Vulnerabilities

CVE-2024-11768

by Fred · 19/12/2024

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.

More information : https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : LOW
Integrity impact : NONE
Base score : 5.3
Base severity : MEDIUM
Exploitability score : 3.9
Impact score : 1.4

Similar

Tags: Cybersecurity Alert