CVE-2023-6785
The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).
We have discovered 11,293 live websites that are affected by CVE-2023-6785.
Affected Software
| Product |  WordPress Download Manager |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,293 live websites (27.66% of WordPress Download Manager install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 122 versions ( 42.96% of all versions) |
Details
- Published - Mar 13, 2024
- Updated - Aug 2, 2024
Credits
- wesley (finder)
CVE References
CVE-2023-6785 usage by Country
 United States | 2,609 websites |
 Japan | 1,683 websites |
 Germany | 1,467 websites |
 France | 667 websites |
 Italy | 501 websites |
 Spain | 348 websites |
 GB | 320 websites |
 Poland | 253 websites |
 Russia | 225 websites |
 Netherlands | 200 websites |
CVE-2023-6785 usage by TLD
| .com | 3,974 websites |
| .org | 809 websites |
| .de | 707 websites |
| .it | 414 websites |
| .net | 388 websites |
| .jp | 371 websites |
| .fr | 210 websites |
| .ru | 203 websites |
| .co.jp | 202 websites |
| .es | 199 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6785
Top websites that are affected by CVE-2023-6785. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.org | United States | **,*** | |
| **********.com | United States | **,*** | |
| ********.org | United States | **,*** | |
| *******.hu |  Hungary | **,*** | |
| *****.***.br | United States | **,*** | |
| *********.com | Japan | **,*** | |
| *********.***.pl | Poland | ***,*** | |
| *******.**.ke |  Kenya | ***,*** | |
| *********.org | United States | ***,*** | |
| ******.com | Japan | ***,*** |
FAQ
A total of 11,293 websites have been identified as vulnerable to CVE-2023-6785, discovered through global website indexing conducted by WebTechSurvey.
WordPress Download Manager is susceptible to CVE-2023-6785 vulnerability.
WordPress Download Manager versions before, and including, 3.2.84 are vulnerable to CVE-2023-6785.