Unauthorized Access of Data in Download Plugin for WordPress
CVE-2024-9829

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Download Plugin
Vendor: CVE Published:; 23 October 2024

Summary

The Download Plugin for WordPress is susceptible to unauthorized data access due to inadequate capability checks within the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions. This flaw affects all versions up to and including 2.2.0. Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability to access and download any comment within the platform. Furthermore, they may retrieve metadata containing personally identifiable information (PII) such as usernames, email addresses, hashed passwords, application passwords, and session tokens, thereby posing a serious risk to user privacy and data integrity.

Affected Version(s)

Download Plugin * <= 2.2.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/download-plugi...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2024
Vulnerability Reserved
Oct 10, 2024

Credit

Matthew Rollings

Brian Sans-Souci