CVE-2022-0828

The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
References
Configurations

Configuration 1

cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-04-11 03:15

Updated : 2022-04-15 06:36


NVD link : CVE-2022-0828

Mitre link : CVE-2022-0828

Products Affected
No products.
CWE
CWE-326

Inadequate Encryption Strength