Vulnerability in Download Manager Plugin for WordPress
CVE-2024-11768
5.3MEDIUM
What is CVE-2024-11768?
CVE-2024-11768 affects the Download Manager plugin for WordPress, allowing unauthenticated attackers to bypass password validation through the vulnerable checkFilePassword function. This flaw exists in all versions up to and including 3.3.03, enabling unauthorized downloading of sensitive password-protected content. The ease of exploitation significantly raises the risk for websites relying on this plugin for secure file management.
Affected Version(s)
Download Manager * <= 3.3.03