PT-2025-11379 · WordPress · Download Manager

Dmitry Ignatyev · Published 2025-03-16 · Updated 2025-04-05 · CVE-2024-13126

CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.3.07

Description: The plugin does not prevent directory listing on web servers that don't use .htaccess, which allows unauthorized access to files.

Recommendations: Update to version 3.3.07 or later to resolve the issue. As a temporary workaround until the plugin is updated, consider configuring the web server to use .htaccess to prevent directory listing.

Exploit

Fix

Weakness Enumeration: Files Accessible to External Parties

Related Identifiers: CVE-2024-13126

Affected Products: Download Manager