Unrated severityNVD Advisory· Published Mar 7, 2022· Updated Aug 3, 2024

Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure

CVE-2021-25087

Description

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).

Affected products

Unknown/Download Managerv5
Range: 3.2.35

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/d7ceafae-65ec-4e05-9ed1-59470771bf07mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000