Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-6421

CWE-522Insufficiently Protected CredentialsCWE-863Incorrect Authorization4 documents4 sources
Severity
7.5HIGH
EPSS
80.6%
top 0.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Unknown Download ManagerW3eden Download Manager
Timeline
PublishedJan 1

Description

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5unknown/download_manager< 3.2.83

🔴Vulnerability Details

2
GHSA
GHSA-3qcq-28jc-g3f4: The Download Manager WordPress plugin before 32024-01-01
CVEList
Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak2024-01-01

💥Exploits & PoCs

1
Nuclei
WordPress Download Manager - File Password Exposure