PT-2024-18821 · WordPress · Download Manager

M1Tz +1 · Published 2024-06-13 · Updated 2025-03-11 · CVE-2024-2098

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Download Manager plugin for WordPress versions up to, and including, 3.2.89

Description

The issue arises from an improper authorization check on the protectMediaLibrary function, allowing unauthenticated attackers to access password-protected files. This enables unauthorized data access, specifically permitting attackers to download files that should be restricted.

Recommendations

For versions up to, and including, 3.2.89, update to a version higher than 3.2.89 to resolve the issue. As a temporary workaround, consider disabling the protectMediaLibrary function until a patch is available.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-2098

Affected Products

Download Manager