How severe is CVE-2024-11768?

CVE-2024-11768 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2024-11768

Name: download_manager
Author: w3eden

5.3MEDIUM

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up

Published: 12/19/2024Updated: 3/21/2025

Description

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.

AI AnalysisPowered by AI

Affected Products

w3edendownload_manager

References

https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve
Third Party Advisory