CM Download Manager Plugin Vulnerable to CSRF Attacks
CVE-2024-1232

Currently unrated

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
25 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-1232?

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack

Affected Version(s)

CM Download Manager 0 < 2.9.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sushmita Poudel
WPScan
.
CVE-2024-1232 : CM Download Manager Plugin Vulnerable to CSRF Attacks