7.5
CVE-2024-2098
- EPSS 1.34%
- Veröffentlicht 13.06.2024 06:15:09
- Zuletzt bearbeitet 08.04.2026 17:18:29
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginDownload Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.
Mögliche Gegenmaßnahme
Download Manager: Update to version 3.2.90, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Download Manager
Version
*-3.2.89
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
W3eden ≫ Download Manager SwEditionfree SwPlatformwordpress Version < 3.2.90
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.34% | 0.798 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-289 Authentication Bypass by Alternate Name
The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.