CVE-2022-0828

Name of the Vulnerable Software and Affected Versions Download Manager WordPress plugin versions prior to 3.2.39

Description The issue allows an attacker to brute force the master key for a download, generated using the uniqid php function, with reasonable resources. This gives direct download access, bypassing role-based restrictions or password protections set for the download.

Recommendations For versions prior to 3.2.39, update to version 3.2.39 or later to resolve the issue. As a temporary workaround, consider restricting access to downloads until the update is applied.