Security Advisory

CVE-2024-11768

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-19 05:24:56

Last updated 2026-04-08 17:35:13

Assigner Wordfence

State PUBLISHED

Description

The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.

← Browse all CVEs View on cve.org ↗