CVE-2023-6421 Scanner

CVE-2023-6421 Scanner - Information Disclosure vulnerability in WordPress Download Manager

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 23 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

WordPress Download Manager is a versatile file management plugin for WordPress, widely used by content creators and developers to manage, protect, and sell digital products. This plugin is primarily employed on websites requiring secure file downloads, such as e-commerce platforms, educational portals, and premium content sites. It provides functionalities like password-protected downloads, which add an extra layer of security for the site's digital assets. With robust download protection and access control features, WordPress Download Manager is trusted for enhancing the security of digital resources. Its user-friendly interface and extensive configurability make it a popular choice among WordPress users. Despite its widespread adoption, any vulnerabilities in the plugin can pose significant risks to website security.

The Information Disclosure vulnerability in WordPress Download Manager allows unauthorized users to retrieve the passwords of protected files. By exploiting this flaw, attackers can gain unauthorized access to secure downloads. The vulnerability arises from weak access control in one of the plugin's API endpoints, which improperly verifies the supplied password. As a result, crafted requests can bypass password protection and reveal the password in the process. This vulnerability underscores the importance of addressing security weaknesses that could lead to exposure of sensitive information.

The vulnerability centers on the 'validate-password' API endpoint of the WordPress Download Manager plugin. The endpoint performs an insufficient validation check on passwords, so a crafted request to it can retrieve the password for a protected file. By sending the right combination of parameters, such as the password-protected file ID, attackers can leverage this flaw to access the file links without proper authorization. This oversight in password validation leaves sensitive files open to unauthorized access. Protecting such endpoints against exploitation is critical to maintaining the integrity of the plugin's security features.

Exploiting this vulnerability can lead to unauthorized access to sensitive files intended to be secured by password protection. This unauthorized access could compromise confidential information and lead to data breaches. Websites relying on this plugin for secure content delivery may experience loss of trust from their users. Attackers could potentially distribute or misuse the exposed files for malicious activities. The loss of protected content could have financial and reputational impacts on affected websites. Therefore, it is crucial for site administrators to patch this vulnerability promptly to avoid potential exploitation.
