VYPR
Unrated severityNVD Advisory· Published Dec 19, 2024· Updated Apr 8, 2026

Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files

CVE-2024-11768

Description

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.