The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.
Metrics
Affected Vendors & Products
References
History
Wed, 29 Jan 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpdownloadmanager
Wpdownloadmanager download Manager |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wpdownloadmanager
Wpdownloadmanager download Manager |
Thu, 19 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Dec 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files. | |
Title | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-19T05:24:56.535Z
Updated: 2024-12-19T16:38:23.813Z
Reserved: 2024-11-26T15:16:24.789Z
Link: CVE-2024-11768

Updated: 2024-12-19T16:34:24.277Z

Status : Analyzed
Published: 2024-12-19T06:15:23.007
Modified: 2025-01-29T20:54:37.327
Link: CVE-2024-11768

No data.