CVE-2026-2571 in Download Manager Plugininformação

Sumário

de MITRE • 19/03/2026

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Wordfence

Reservar

16/02/2026

Divulgação

19/03/2026

Moderação

aceite

Entrada

VDB-351676

CPE

pronto

CWE

CWE-200 (confirmado)

CVSS

4.3 (CNA)

EPSS

0.00046

KEV

não

Atividades

muito baixo

Sector

Hostingprovider

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2571
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2571
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2571/

◂ Voltar Visão Geral Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!