Lucene search

[email protected]NVD:CVE-2023-1809

HistoryMay 02, 2023 - 8:15 a.m.

CVE-2023-1809

2023-05-0208:15:10

[email protected]

web.nvd.nist.gov

wordpress plugin

security leak

master key

arbitrary files

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

50.5%

JSON

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.

Affected configurations

Nvd

Node

wpdownloadmanagerdownload_managerRange6.0.0–6.3.0prowordpress

VendorProductVersionCPE
wpdownloadmanagerdownload_manager*cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:pro:wordpress:*:*

Vendor	Product	Version	CPE
wpdownloadmanager	download_manager	*	cpe:2.3:a:wpdownloadmanager:download_manager:::::pro:wordpress::

References

wpscan.com/vulnerability/57f0a078-fbeb-4b05-8892-e6d99edb82c1

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

50.5%

JSON

Related for NVD:CVE-2023-1809

prion1 wpvulndb1 cve1 cvelist1 wpexploit1 wordfence1