Unauthorized Access to Password-Protected Files in Download Manager Plugin for WordPress
CVE-2024-2098
7.5HIGH
What is CVE-2024-2098?
The Download Manager plugin for WordPress is susceptible to unauthorized data access stemming from an improper authorization check in the 'protectMediaLibrary' function. This vulnerability affects all versions of the plugin up to and including 3.2.89. As a result, unauthenticated attackers gain the potential to download files that are otherwise protected by passwords, posing a significant risk to sensitive information stored within the media library.
Affected Version(s)
Download Manager * <= 3.2.89