Johan Kragt

#19084 of 53,638
14 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2023-17052
6.5
2023-05-30
WordPress · Download Manager · CVE-2023-1524
**Name of the Vulnerable Software and Affected Versions** Download Manager WordPress plugin versions prior to 3.2.71

**Description** The plugin validates passwords for password-protected files inadequately. When a password is validated, a master key is generated and exposed to the user. This master key can be used to download any password-protected file on the server, so knowing the password for just one file is enough to gain unauthorized access to the others.

**Recommendations** For versions prior to 3.2.71, update to version 3.2.71 or later to resolve the issue. As a temporary workaround, consider restricting access to password-protected files until the update is applied.
PT-2023-17263
7.5
2023-05-02
WordPress · Download Manager · CVE-2023-1809
**Name of the Vulnerable Software and Affected Versions** Download Manager WordPress plugin versions prior to 6.3.0

**Description** The issue allows attackers to access master key information without requiring a password, enabling them to download arbitrary password-protected package files.

**Recommendations** For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue.