What is the severity of CVE-2023-1524?

The severity of CVE-2023-1524 is medium with a CVSSv3 score of 6.5.

Does the Download Manager WordPress plugin version 3.2.71 have the vulnerability?

Yes, the Download Manager WordPress plugin version 3.2.71 is affected by CVE-2023-1524.

What is the impact of CVE-2023-1524?

CVE-2023-1524 allows an attacker to download any password-protected file on the server without authentication.

How can I fix the vulnerability in the Download Manager WordPress plugin?

To fix the vulnerability, update the Download Manager plugin to a version greater than or equal to 3.2.71.

Is there any additional information about CVE-2023-1524?

For more information about CVE-2023-1524, you can refer to the following link: [Reference](https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e)

Vulnerability/
CVE-2023-1524

medium

6.5

CWE

284

30/5/2023

10/1/2025

CVE-2023-1524: Download Manager < 3.2.71 - Broken Access Controls

First published: Tue May 30 2023(Updated: )

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password.

Credit: contact@wpscan.com contact@wpscan.com

Affected Software	Affected Version	How to fix
WP Download Manager	<3.2.71

Never miss a vulnerability like this again

Reference Links

https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e

Frequently Asked Questions

What is the severity of CVE-2023-1524?
The severity of CVE-2023-1524 is medium with a CVSSv3 score of 6.5.
Does the Download Manager WordPress plugin version 3.2.71 have the vulnerability?
Yes, the Download Manager WordPress plugin version 3.2.71 is affected by CVE-2023-1524.
What is the impact of CVE-2023-1524?
CVE-2023-1524 allows an attacker to download any password-protected file on the server without authentication.
How can I fix the vulnerability in the Download Manager WordPress plugin?
To fix the vulnerability, update the Download Manager plugin to a version greater than or equal to 3.2.71.
Is there any additional information about CVE-2023-1524?
For more information about CVE-2023-1524, you can refer to the following link: [Reference](https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e)

collector/nvd-latest
agent/type
agent/softwarecombine
agent/title
agent/weakness
agent/references
agent/severity
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/wpdownloadmanager
canonical/wp download manager

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.