Login Sign Up

CVE-2023-1809

7.5 HIGH
Authentication Bypass

📋 TL;DR

The Download Manager WordPress plugin before version 6.3.0 exposes master key information without authentication, allowing attackers to bypass password protection and download any password-protected files. This affects all WordPress sites using vulnerable versions of the Download Manager plugin.

💻 Affected Systems

Products:
  • WordPress Download Manager plugin
Versions: All versions before 6.3.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects sites using the Download Manager plugin with password-protected package files.

📦 What is this software?

Download Manager by W3eden

View all CVEs affecting Download Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers download sensitive password-protected files containing confidential data, intellectual property, or credentials, leading to data breaches and compliance violations.

🟠

Likely Case

Attackers download password-protected files that were intended to be restricted, potentially exposing sensitive documents or media.

🟢

If Mitigated

If proper access controls and monitoring are in place, unauthorized downloads would be detected and blocked, limiting data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.3.0

Vendor Advisory: https://wordpress.org/plugins/download-manager/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Download Manager' and click 'Update Now'. 4. Verify version is 6.3.0 or higher.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily deactivate the Download Manager plugin until patched.

wp plugin deactivate download-manager

Restrict access to download endpoints

linux

Use web application firewall or .htaccess to block access to vulnerable plugin endpoints.

# Add to .htaccess: RewriteRule ^wp-content/plugins/download-manager/.*\.php$ - [F,L]

🧯 If You Can't Patch

  • Remove all password-protected files from the Download Manager plugin
  • Implement network-level restrictions to block external access to the WordPress site

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Download Manager version below 6.3.0.

Check Version:

wp plugin get download-manager --field=version

Verify Fix Applied:

Confirm Download Manager plugin version is 6.3.0 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to download-manager endpoints without authentication
  • Multiple failed authentication attempts followed by successful downloads

Network Indicators:

  • HTTP requests to /wp-content/plugins/download-manager/ with suspicious parameters
  • Unusual download patterns from password-protected files

SIEM Query:

source="web_server" AND uri="/wp-content/plugins/download-manager/" AND (status=200 OR status=302) AND NOT user_agent="WordPress/*"

📊 Metadata

CVE ID: CVE-2023-1809
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-276
Published: May 2, 2023
Last Updated: March 21, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-1809, you might also want to check these:

CVE-2025-40585 9.9

Energy Services solutions using G5DFR contain default credentials, allowing attackers to gain contro...

Same vulnerability type (CWE-276)
CVE-2023-47462 9.8

This vulnerability allows remote attackers to execute arbitrary code on GL.iNet AX1800 routers by ex...

Same vulnerability type (CWE-276)
CVE-2022-41572 9.8

CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) where nmap can be exec...

Same vulnerability type (CWE-276)