Lucene search
WPScanCVELIST:CVE-2022-0828HistoryApr 11, 2022 - 2:40 p.m.
CVE-2022-0828 Download Manager < 3.2.39 - Unauthenticated brute force of files master key
2022-04-1114:40:50
WPScan
www.cve.org
9
cve-2022-0828
download manager
wordpress
The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Download Manager",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "3.2.34"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
patchstack
patchstack
wpvulndb
wpvulndb
Download Manager < 3.2.39 - Unauthenticated brute force of files master key
2022-03-16 00:00:00
prion
prion
Design/Logic Flaw
2022-04-11 15:15:00
openvas
openvas
nvd
nvd
CVE-2022-0828
2022-04-11 15:15:08
cve
cve
CVE-2022-0828
2022-04-11 15:15:08
wpexploit
wpexploit
Download Manager < 3.2.39 - Unauthenticated brute force of files master key
2022-03-16 00:00:00
nessus
nessus
Download Manager Plugin for WordPress < 3.2.34 Multiple Vulnerabilities
2023-09-13 00:00:00