CVE-2023-6785

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 13, 2024

Summary

CVE-2023-6785 is a vulnerability affecting the Download Manager plugin for WordPress. In all versions up to 3.2.84, this issue allows unauthenticated attackers to download files that have been added to the plugin, including privately published ones. This vulnerability poses a significant risk, as it enables unauthorized access to potentially sensitive files, increasing the likelihood of data breaches or other cyberattacks. To mitigate this risk, WordPress users should immediately update their Download Manager plugin to the latest version, 3.2.85 or higher.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tyyiZy
https://www.cve.org/CVERecord?id=CVE-2023-6785
https://nvd.nist.gov/vuln/detail/CVE-2023-6785

Back to Vulnerability Database

CVE-2023-6785

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations