Vulnerabilities > CVE-2022-2362 - Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
wpdownloadmanager
NVD
Published: 2022-08-22
Updated: 2024-11-21

Summary

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.

Vulnerable Configurations

Part Description Count
Application
Wpdownloadmanager
313

References