CVE-2021-25087

{"id": "CVE-2021-25087", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-07T09:15:08.820", "references": [{"url": "https://wpscan.com/vulnerability/d7ceafae-65ec-4e05-9ed1-59470771bf07", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25)."}, {"lang": "es", "value": "El plugin Download Manager de WordPress versiones anteriores a 3.2.35, no presenta comprobaciones de autorizaci\u00f3n en algunos de los endpoints de la API REST, permitiendo a atacantes no autenticados llamarlos, lo que podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial, como las contrase\u00f1as de las entradas (corregido en versi\u00f3n 3.2.24) y las claves maestras de los archivos (corregido en versi\u00f3n 3.2.25)"}], "lastModified": "2022-04-12T15:55:55.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E04ACBA3-ADC6-4188-94B6-69C1C834DFF7", "versionEndExcluding": "3.2.35"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}