CVE-2021-25087

Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure

EPSS 1.5%CWE-862

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 mar 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).

Produtos afetados

Unknown · Download Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/d7ceafae-65ec-4e05-9ed1-59470771bf07