Vulnerability in Download Manager

CVE-2023-6421

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.

EPSS: 0.824 (99.2th percentile) — read the EPSS interpretation.

Affected products

Unknown Download Manager — versions 0

Public proof-of-concept exploits

References

wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410 (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2023-6421?: CVE-2023-6421 is a vulnerability in Download Manager, classified under CWE-863 INCORRECT AUTHORIZATION. Published 2024-01-01.
Is CVE-2023-6421 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.