WordPress · Download Manager · CVE-2021-25087
**Name of the Vulnerable Software and Affected Versions**
Download Manager WordPress plugin versions prior to 3.2.35
**Description**
The issue concerns a lack of authorization checks in some REST API endpoints, allowing unauthenticated attackers to call them. This could lead to sensitive information disclosure, including posts passwords and files Master Keys.
**Recommendations**
For versions prior to 3.2.24, update to version 3.2.24 or later to fix the posts passwords disclosure issue.
For versions prior to 3.2.25, update to version 3.2.25 or later to fix the files Master Keys disclosure issue.
For versions prior to 3.2.35, update to version 3.2.35 or later to ensure all related issues are resolved.