PT-2023-17052 · WordPress · Download Manager

Johan Kragt · Published 2023-05-30 · Updated 2025-01-10 · CVE-2023-1524

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Download Manager WordPress plugin versions prior to 3.2.71

Description

The issue concerns inadequate password validation for password-protected files. When a password is validated, a master key is generated and exposed to the user. This master key can be used to download any password-protected file on the server, allowing unauthorized access to files with the knowledge of just one file's password.

Recommendations

For versions prior to 3.2.71, update to version 3.2.71 or later to resolve the issue. As a temporary workaround, consider restricting access to password-protected files until the update is applied.
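
The flaw class in the description, next to a per-file alternative, as an added example that is neither the plugin's code nor its actual fix. It is a simplified Python model: every function name, the secret, the file IDs and the passwords are constructed assumptions.

```python
import hashlib
import hmac
import time

SERVER_SECRET = b"constructed-demo-secret"   # constructed value, demo only
FILES = {101: "alpha-pass", 202: "bravo-pass"}  # constructed: file ID -> password


def _mac(msg: bytes) -> str:
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def _password_ok(file_id, password) -> bool:
    stored = FILES.get(file_id)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def weak_unlock(file_id, password):
    """Flawed pattern: a correct password returns one key shared by all files."""
    if not _password_ok(file_id, password):
        return None
    return _mac(b"master")


def weak_download_allowed(file_id, key) -> bool:
    # file_id never enters the check, so the key is valid for every file.
    return hmac.compare_digest(_mac(b"master").encode(), key.encode())


def scoped_unlock(file_id, password, now=None, ttl=300):
    """Hardened pattern: the token is bound to one file ID and an expiry time."""
    if not _password_ok(file_id, password):
        return None
    expires = int(time.time() if now is None else now) + ttl
    return f"{expires}.{_mac(f'{file_id}:{expires}'.encode())}"


def scoped_download_allowed(file_id, token, now=None) -> bool:
    """Recompute the MAC over the requested file ID; reject mismatch or expiry."""
    try:
        expires_s, tag = token.split(".", 1)
        expires = int(expires_s)
    except (AttributeError, ValueError):
        return False
    current = time.time() if now is None else now
    expected = _mac(f"{file_id}:{expires}".encode())
    return hmac.compare_digest(expected.encode(), tag.encode()) and current <= expires
```
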

Related Identifiers

CVE-2023-1524

Affected Products

Download Manager