Lucene search
WPScanCVE-2023-1809HistoryMay 02, 2023 - 8:15 a.m.
CVE-2023-1809
2023-05-0208:15:10
WPScan
web.nvd.nist.gov
56
cve-2023-1809
download manager
wordpress
plugin
security
vulnerability
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
50.5%
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.
Affected configurations
Node
wpdownloadmanagerdownload_managerRange6.0.0–6.3.0prowordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpdownloadmanager | download_manager | * | cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:pro:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Download Manager",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "6.0.0",
"lessThan": "6.3.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Design/Logic Flaw
2023-05-02 08:15:00
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-1809
2023-05-02 08:15:10
cvelist
cvelist
wpexploit
wpexploit
wordfence
wordfence
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
50.5%
Related for CVE-2023-1809