CVE-2024-2098: Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary
First published: Thu Jun 13 2024(Updated: )
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WP Download Manager | <=3.2.89 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2098?
CVE-2024-2098 is rated as a high severity vulnerability due to the potential for unauthorized access to sensitive data.
How do I fix CVE-2024-2098?
To fix CVE-2024-2098, update the Download Manager plugin for WordPress to version 3.2.90 or later.
Who is affected by CVE-2024-2098?
All users of the Download Manager plugin for WordPress versions up to and including 3.2.89 are affected by CVE-2024-2098.
What type of vulnerability is CVE-2024-2098?
CVE-2024-2098 is an improper authorization check vulnerability that allows unauthenticated attackers to access protected media.
Can CVE-2024-2098 be exploited remotely?
Yes, CVE-2024-2098 can be exploited remotely, allowing attackers to download protected media files without authorization.
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wp download manager