The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 | Broken Link Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Jan 2024, 19:08
Type | Values Removed | Values Added |
---|---|---|
Summary | (es) El complemento Download Manager de WordPress anterior a 3.2.83 no protege las contraseñas de descarga de archivos y las filtra al recibir una no válida. | |
CPE | cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:* | |
First Time |
Wpdownloadmanager wordpress Download Manager
Wpdownloadmanager |
|
CWE | CWE-522 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 - Broken Link, Exploit, Third Party Advisory |
02 Jan 2024, 13:47
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-01 15:15
Updated : 2024-01-08 19:08
NVD link : CVE-2023-6421
Mitre link : CVE-2023-6421
CVE.ORG link : CVE-2023-6421
JSON object : View
Products Affected
wpdownloadmanager
- wordpress_download_manager
CWE
CWE-522
Insufficiently Protected Credentials