1 results (0.006 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1
CVE-2023-1809 – Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2023-1809
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. The Download Manager Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.2.9 due to the plugin leaking the master key. This can allow unauthenticated attackers to retrieve the key and extract sensitive data contained in password protected package files. • https://wpscan.com/vulnerability/57f0a078-fbeb-4b05-8892-e6d99edb82c1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •