CVE-2023-1524

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-1524
The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:*
History

07 Nov 2023, 04:04

Type Values Removed Values Added
CWE CWE-284

05 Jun 2023, 14:48

Type Values Removed Values Added
First Time Wpdownloadmanager download Manager
Wpdownloadmanager
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
References (MISC) https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e - (MISC) https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e - Exploit
CPE cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:*

30 May 2023, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-30 08:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-1524

Mitre link : CVE-2023-1524

CVE.ORG link : CVE-2023-1524

JSON object : View

Products Affected

wpdownloadmanager

  • download_manager
CWE

No CWE.