The Download Manager WordPress plugin prior to 3.2.34 uses the PHP uniqid function to generate the master key for a download, allowing a malicious user to brute-force the key with reasonable resources, which gives direct download access regardless of role-based restrictions or password protections set for the download.
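Why a uniqid-derived key is weak, as an added example that is not the plugin's code: uniqid() only encodes the current time, so the key space shrinks to the number of microseconds in whatever window the creation time is known to. The function names are hypothetical, and the random_bytes replacement is an assumed remediation, not the vendor's documented fix.

```php
<?php
// Added example; decode_uniqid, uniqid_keyspace_bits and
// generate_master_key are hypothetical names, not the plugin's API.

// uniqid() with no arguments returns 13 hex characters:
// 8 for the Unix time in seconds, 5 for the microsecond part.
function decode_uniqid(string $id): ?array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        return null; // not the shape uniqid() produces
    }
    $usec = (int) hexdec(substr($id, 8, 5));
    if ($usec > 999999) {
        return null; // the microsecond field never exceeds 999999
    }
    return ['sec' => (int) hexdec(substr($id, 0, 8)), 'usec' => $usec];
}

// Effective key strength, in bits, when the creation time is known
// to within $windowSeconds (one candidate value per microsecond).
function uniqid_keyspace_bits(int $windowSeconds): float
{
    return log($windowSeconds * 1000000, 2);
}

// Assumed remediation: 128 bits from the operating system CSPRNG.
function generate_master_key(): string
{
    return bin2hex(random_bytes(16));
}

$weak = uniqid();
$t = decode_uniqid($weak);
printf("uniqid():         %s\n", $weak);
printf("  decodes to      %s.%06d UTC\n", gmdate('Y-m-d H:i:s', $t['sec']), $t['usec']);
printf("  strength if creation time known to 1 hour: %.1f bits\n", uniqid_keyspace_bits(3600));
printf("  strength if creation time known to 1 day:  %.1f bits\n", uniqid_keyspace_bits(86400));

$strong = generate_master_key();
printf("random_bytes(16): %s (128 bits)\n", $strong);

// A CSPRNG key is 32 characters long, so it never matches the
// uniqid() shape; the same check can flag stored keys for rotation.
printf("  uniqid-shaped:  %s\n", decode_uniqid($strong) === null ? 'no' : 'yes');
```

Keys issued before an upgrade keep their time-derived values, so rotating any stored key that decode_uniqid accepts is part of the cleanup.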
Vulnerable Product |
---|
wpdownloadmanager wordpress download manager |