1 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. The Download Manager Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.2.9 due to the plugin leaking the master key. This can allow unauthenticated attackers to retrieve the key and extract sensitive data contained in password protected package files. • https://wpscan.com/vulnerability/57f0a078-fbeb-4b05-8892-e6d99edb82c1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •