CVE-2026-2571 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in a…
Medium CVSS: 4.3

CVE-2026-2571

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates.
Vendor
-
Product
-
CWE
CWE-200
Yayın Tarihi
2026-03-19 07:15:59
Güncelleme
2026-03-19 13:25:00
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-200 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L109 https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L47 https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/review-user-status.php#L34 https://plugins.trac.wordpress.org/changeset/3462539/ https://www.wordfence.com/threat-intel/vulnerabilities/id/d3efaa0d-8af6-4cdf-9225-8bbcfdbb73d3?source=cve