CVE-2023-6421
Download Manager < 3.2.83 - Unauthenticated Protected File Download Password LeakThe Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.
We have discovered 10,223 live websites that are affected by CVE-2023-6421.
Affected Software
| Product |  WordPress Download Manager |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10,223 live websites (25.03% of WordPress Download Manager install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 120 versions ( 42.25% of all versions) |
Common Weakness Enumeration
CWE-863 Incorrect AuthorizationDetails
- Published - Jan 1, 2024
- Updated - Aug 2, 2024
Credits
- Liu Shaohong (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-6421 usage by Country
 United States | 2,359 websites |
 Japan | 1,542 websites |
 Germany | 1,291 websites |
 France | 600 websites |
 Italy | 447 websites |
 Spain | 324 websites |
 GB | 289 websites |
 Poland | 223 websites |
 Russia | 212 websites |
 Netherlands | 176 websites |
CVE-2023-6421 usage by TLD
| .com | 3,627 websites |
| .org | 733 websites |
| .de | 624 websites |
| .it | 369 websites |
| .net | 349 websites |
| .jp | 336 websites |
| .ru | 195 websites |
| .fr | 186 websites |
| .co.jp | 182 websites |
| .es | 181 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6421
Top websites that are affected by CVE-2023-6421. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.org | United States | **,*** | |
| **********.com | United States | **,*** | |
| ********.org | United States | **,*** | |
| *******.hu |  Hungary | **,*** | |
| *****.***.br | United States | **,*** | |
| *********.com | Japan | **,*** | |
| *********.***.pl | Poland | ***,*** | |
| *********.org | United States | ***,*** | |
| ******.com | Japan | ***,*** | |
| ***********.asia | United States | ***,*** |
FAQ
CVE-2023-6421 is Incorrect Authorization in WordPress Download Manager
A total of 10,223 websites have been identified as vulnerable to CVE-2023-6421, discovered through global website indexing conducted by WebTechSurvey.
WordPress Download Manager is susceptible to CVE-2023-6421 vulnerability.
WordPress Download Manager versions before 3.2.83 are vulnerable to CVE-2023-6421.
Version 3.2.83 of WordPress Download Manager addresses the CVE-2023-6421 security vulnerability.