WordPress · Download Manager · CVE-2025-13498
**Name of the Vulnerable Software and Affected Versions**
Download Manager plugin for WordPress versions prior to 3.3.33
**Description**
The Download Manager plugin for WordPress is susceptible to unauthorized access of sensitive information. This is caused by missing authorization and capability checks on the `wpdm_media_access` AJAX action. Attackers with Subscriber-level access or higher can retrieve passwords and access control settings for protected media attachments. This allows bypassing media protection and downloading restricted files.
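The kind of authorization and capability check the description says was missing, shown in a WordPress AJAX handler. This is an added example, not Download Manager's code; the hook name, nonce action, `media_id` parameter and `_example_*` meta keys are assumptions made for illustration.

```php
<?php
// Added example: hypothetical plugin code, not Download Manager's source.
// Hook, nonce, parameter and meta key names are assumptions.

// wp_ajax_{action} fires for ANY logged-in user, Subscribers included.
// Being authenticated is not authorization, so the handler checks both.
add_action( 'wp_ajax_example_media_access', 'example_media_access_handler' );

function example_media_access_handler() {
    // 1. CSRF: require the nonce issued to the media settings screen.
    //    Passing false as the third argument returns instead of dying.
    if ( ! check_ajax_referer( 'example_media_access', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. Input: accept only an integer ID that really is an attachment.
    $media_id = isset( $_POST['media_id'] ) ? absint( $_POST['media_id'] ) : 0;
    if ( ! $media_id || 'attachment' !== get_post_type( $media_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown attachment' ), 404 );
    }

    // 3. Authorization: the caller must be allowed to edit THIS attachment.
    //    'edit_post' is a meta capability, so WordPress maps it per object
    //    and a Subscriber fails here for media they do not own.
    if ( ! current_user_can( 'edit_post', $media_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 4. Only now read the protection settings. The stored password is
    //    never echoed back; the response only says whether one is set.
    $roles    = get_post_meta( $media_id, '_example_media_roles', true );
    $password = get_post_meta( $media_id, '_example_media_password', true );

    wp_send_json_success( array(
        'roles'        => is_array( $roles ) ? $roles : array(),
        'has_password' => '' !== (string) $password,
    ) );
}
```

`wp_send_json_error()` and `wp_send_json_success()` terminate the request, so each failed check stops the handler before any protected metadata is read.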
**Recommendations**
Update the Download Manager plugin to version 3.3.33 or later.