CVE-2023-6421

CVSS 3.1 Score 7.5 of 10 (high)

Attack Complexity low
Confidentiality high
Integrity none
Availability none
Scope unchanged
Privileges Required none

Details

Published Jan 1, 2024
Updated: Jan 8, 2024
CWE ID 522

Summary

CVE-2023-6421 is a vulnerability affecting the Download Manager plugin for WordPress. This issue permits unauthorized users to gain access to password-protected downloads by submitting an incorrect password. The plugin fails to secure the password input, subsequently exposing it upon receipt of an invalid attempt. This vulnerability poses a significant risk, allowing unauthorized individuals to download protected files, potentially leading to data breaches and unauthorized access to sensitive information. Users are strongly advised to update the Download Manager plugin to the latest version (3.2.83) to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share