CVE-2023-6421

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6421
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 Broken Link Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*
History

08 Jan 2024, 19:08

Type Values Removed Values Added
Summary (es) Download Manager WordPress plugin anterior a 3.2.83 no protege las contraseñas de descarga de archivos y las filtra al recibir una no válida. (es) El complemento Download Manager de WordPress anterior a 3.2.83 no protege las contraseñas de descarga de archivos y las filtra al recibir una no válida.
CPE cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*
First Time Wpdownloadmanager wordpress Download Manager
Wpdownloadmanager
CWE CWE-522
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
References () https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 - () https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 - Broken Link, Exploit, Third Party Advisory

02 Jan 2024, 13:47

Type Values Removed Values Added
Summary
  • (es) Download Manager WordPress plugin anterior a 3.2.83 no protege las contraseñas de descarga de archivos y las filtra al recibir una no válida.

01 Jan 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-01 15:15

Updated : 2024-01-08 19:08

NVD link : CVE-2023-6421

Mitre link : CVE-2023-6421

CVE.ORG link : CVE-2023-6421

JSON object : View

Products Affected

wpdownloadmanager

  • wordpress_download_manager
CWE
CWE-522

Insufficiently Protected Credentials