CVE-2023-6421
published 2024-01-01

CVE-2023-6421: The Download Manager WordPress plugin before 3.2.83 does not protect file download passwords and leaks the correct password when an invalid one is submitted.

Priority: P353
Severity: high (CVSS 3.1 base score 7.5)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: available
EPSS: 2.44% (82.2th percentile)

Affected (1 range)

Vendor: w3eden
Product: download_manager
Version range: < 3.2.83
Fixed in: 3.2.83

Detection & IOCs (extracted from sources)

url: /index.php?rest_route=/wpdm/validate-password
path: /wp-content/plugins/download-manager/
command (PoC request):
POST /index.php?rest_route=/wpdm/validate-password HTTP/1.1
Content-Type: application/x-www-form-urlencoded

__wpdm_ID={{id}}&dataType=json&execute=wpdm_getlink&action=wpdm_ajax_call&password=123322
  • Detect exploitation attempts by monitoring POST requests to the validate-password REST API endpoint for the parameters that make up the attack payload.
  • A successful exploit response contains both "Wrong Password" and an "op" field in the JSON body; the value of the "op" field is the actual password.
  • The response Content-Type is application/json and the HTTP status is 200 even when a wrong password is submitted, which is what indicates the leak.
  • The leaked password is read from the "op" JSON field of the server response.
  • Identify potentially vulnerable WordPress instances by looking for the download-manager plugin path in the page body or URL.
  • Only WordPress Download Manager plugin versions before 3.2.83 are affected.
  • The attack requires knowing or brute-forcing a valid password-protected file ID (the '__wpdm_ID' parameter); the PoC template notes to pass the file ID via the 'id' parameter.
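As an added example (not taken from this record's sources or from the plugin itself), the detection logic in the bullets above applied to constructed request/response records: it flags POSTs to the validate-password route that carry `__wpdm_ID` and `password`, and upgrades the verdict to "leak" when a 200 application/json reply contains "Wrong Password" together with a populated "op" field. The record layout, the file ID 42 and the sample password are assumptions for the demonstration.

```python
import json
from urllib.parse import parse_qs, urlparse

ENDPOINT = "/wpdm/validate-password"
PAYLOAD = "__wpdm_ID=42&dataType=json&execute=wpdm_getlink&action=wpdm_ajax_call&password=123322"

# Constructed sample request/response pairs (not real traffic) for the scan below.
SAMPLE_TRANSACTIONS = [
    {"method": "GET", "url": "/index.php?rest_route=/wp/v2/posts", "body": "",
     "status": 200, "content_type": "application/json", "response": '[{"id":1}]'},
    # wrong password, patched behaviour: only the error message comes back
    {"method": "POST", "url": "/index.php?rest_route=/wpdm/validate-password", "body": PAYLOAD,
     "status": 200, "content_type": "application/json",
     "response": '{"success":false,"message":"Wrong Password"}'},
    # wrong password, vulnerable behaviour: the real password is echoed in the "op" field
    {"method": "POST", "url": "/index.php?rest_route=/wpdm/validate-password", "body": PAYLOAD,
     "status": 200, "content_type": "application/json",
     "response": '{"success":false,"message":"Wrong Password","op":"s3cret-file-pw"}'},
]

def is_validate_password_post(tx):
    """True when the request is a POST to the wpdm validate-password REST route."""
    if tx["method"] != "POST":
        return False
    return ENDPOINT in parse_qs(urlparse(tx["url"]).query).get("rest_route", [])

def classify(tx):
    """'probe' for an attempt against the endpoint, 'leak' when the reply exposed
    the password in the 'op' field, None for unrelated traffic."""
    if not is_validate_password_post(tx):
        return None
    params = parse_qs(tx["body"])
    if "__wpdm_ID" not in params or "password" not in params:
        return None
    if tx["status"] == 200 and tx["content_type"].startswith("application/json"):
        try:
            data = json.loads(tx["response"])
        except ValueError:
            return "probe"
        if "Wrong Password" in tx["response"] and isinstance(data, dict) and data.get("op"):
            return "leak"
    return "probe"

def scan(transactions):
    """Map transaction index -> verdict, skipping traffic that is not an attempt."""
    return {i: v for i, tx in enumerate(transactions) if (v := classify(tx))}
```

A "probe" verdict on a patched site is still worth alerting on, since it shows someone is testing the endpoint; a "leak" verdict means the instance is still running a version before 3.2.83.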