The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-07T08:16:18
Updated: 2024-08-03T19:56:09.993Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25087
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-07T09:15:08.820
Modified: 2024-11-21T05:54:19.583
Link: CVE-2021-25087
Redhat
No data.