Lucene search
K

6 matches found

CNVD
CNVD
added 2026/03/26 12:0 a.m.5 views

WordPress Plugin Download Manager Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin Download Manager information disclosure vulnerability, which stems from a...

4.3CVSS5.8AI score0.00222EPSS
Exploits0
NVD
NVD
added 2026/03/19 7:15 a.m.4 views

CVE-2026-2571

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS0.00222EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/19 6:46 a.m.3 views

CVE-2026-2571

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/19 6:46 a.m.3 views

CVE-2026-2571 Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.3 views

PT-2026-26254

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

WordPress plugin Download Manager 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin Download Manager information disclosure vulnerability, which stems from a...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References5
Rows per page
Query Builder