CVE-2023-6785
First published: Wed Mar 13 2024(Updated: )
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WP Download Manager | <=3.2.84 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6785?
CVE-2023-6785 is classified as a critical vulnerability due to the potential for unauthorized file access.
How do I fix CVE-2023-6785?
To fix CVE-2023-6785, update the WordPress Download Manager plugin to version 3.2.85 or higher.
Who is affected by CVE-2023-6785?
Anyone using the Download Manager plugin for WordPress in versions up to and including 3.2.84 is affected by CVE-2023-6785.
What type of vulnerability is CVE-2023-6785?
CVE-2023-6785 is an unauthorized file download vulnerability.
Can an attacker exploit CVE-2023-6785 without authentication?
Yes, CVE-2023-6785 allows unauthenticated attackers to exploit the vulnerability to download files.
- collector/nvd-api
- source/NVD
- agent/references
- agent/type
- agent/description
- agent/author
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wp download manager