Skip to content

Features
Pricing

Search

WordPress Plugin Vulnerabilities

Download manager < 3.3.04 - Unauthenticated Download of Password-Protected Files

Description

The plugin is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function. This makes it possible for unauthenticated attackers to download password-protected files.

Affects Plugins

download-manager

Fixed in 3.3.04

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b

Miscellaneous

Original Researcher

Emiliano Versini

Verified

No

WPVDB ID

0d659b5e-b0e3-493c-b2fa-9a689919e91e

Timeline

Publicly Published

2024-12-18 (about 1 year ago)

Added

2024-12-19 (about 1 year ago)

Last Updated

2024-12-19 (about 1 year ago)

Other

Published

Title

Published

2017-12-27

Title

woocommerce-csvimport 3.3.6 – Authenticated Arbitrary File Deletion

Published

2014-08-01

Title

dt-chocolate - Image Open redirect

Published

2017-08-16

Title

AddToAny Share Buttons <= 1.7.14 - Conditional Host Header Injection

Published

2014-08-01

Title

Method 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download

Published

2024-03-26

Title

WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness

Vulnerabilities

WordPress
Plugins
Themes
Our Stats
Submit vulnerabilities

About

How it works
Pricing
WordPress plugin
Blog
Contact

For Developers

Status
API details
CLI scanner

Other

Privacy
Terms of service
Submission terms
Disclosure policy
Privacy Notice for California Users

In partnership with Jetpack

GitHub
Twitter
Facebook

An

endeavor

Subscribe Subscribed
- WPScan
- Already have a WordPress.com account? Log in now.