Headline
CVE-2022-34347: WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in the W3 Eden Download Manager plugin <= 3.2.48 for WordPress.
Verified
Fixed
CVSS 3.1 score: 4.2 (Medium severity)
PSID
08f6b57f5dd4
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-08-02
Details
A Cross-Site Request Forgery (CSRF) vulnerability leading to a template status change was discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Download Manager plugin (versions <= 3.2.48).
Solution
Update the WordPress Download Manager plugin to the latest available version (at least 3.2.49).