CVE-2026-2571 in Download Manager Plugininformation

Résumé

par MITRE • 19/03/2026

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Wordfence

Réserver

16/02/2026

Divulgation

19/03/2026

Modérer

accepté

Entrée

VDB-351676

CPE

prêt

CWE

CWE-200 (confirmé)

CVSS

4.3 (CNA)

EPSS

0.00046

KEV

non

Activités

très faible

Secteur

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2571
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2571
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2571/

◂ Précédent Aperçu Suivant ▸

Do you know our Splunk app?

Download it now for free!