{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2571", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-15T23:15:40.514Z", "datePublished": "2026-03-19T06:46:15.104Z", "dateUpdated": "2026-04-08T17:25:43.856Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:43.856Z"}, "affected": [{"vendor": "codename065", "product": "Download Manager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.49", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates."}], "title": "Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3efaa0d-8af6-4cdf-9225-8bbcfdbb73d3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L47"}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L109"}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/review-user-status.php#L34"}, {"url": "https://plugins.trac.wordpress.org/changeset/3462539/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Qu\u1ed1c Huy"}], "timeline": [{"time": "2026-02-15T23:31:23.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-18T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:32:47.337940Z", "id": "CVE-2026-2571", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:32:55.315Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2571", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T13:32:47.337940Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:32:50.838Z"}}], "cna": {"title": "Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Qu\u1ed1c Huy"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "codename065", "product": "Download Manager", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.3.49"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-15T23:31:23.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-18T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3efaa0d-8af6-4cdf-9225-8bbcfdbb73d3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L47"}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L109"}, {"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/review-user-status.php#L34"}, {"url": "https://plugins.trac.wordpress.org/changeset/3462539/"}], "descriptions": [{"lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-19T06:46:15.104Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2571", "state": "PUBLISHED", "dateUpdated": "2026-03-19T13:32:55.315Z", "dateReserved": "2026-02-15T23:15:40.514Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-19T06:46:15.104Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates."}, {"lang": "es", "value": "El plugin Download Manager para WordPress es vulnerable a acceso no autorizado a datos debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n 'reviewUserStatus' en todas las versiones hasta, e incluyendo, la 3.3.49. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, recuperen informaci\u00f3n sensible para cualquier usuario del sitio, incluyendo direcciones de correo electr\u00f3nico, nombres de visualizaci\u00f3n y fechas de registro."}], "id": "CVE-2026-2571", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-19T07:15:59.697", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L109"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/UserController.php#L47"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/User/views/review-user-status.php#L34"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3462539/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3efaa0d-8af6-4cdf-9225-8bbcfdbb73d3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.3.49]"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 89.0, "source": "matching"}]}, "original": {"product": "Download Manager", "source": "cna", "vendor": "codename065"}, "product": "download_manager_plugin", "vendor": "codename065"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T08:50:26.641913+00:00", "value": {"mitigation_remediation": ["Check the codename065 Download Manager plugin website or repository for an updated version that addresses the missing capability check.", "Once an updated version is available, update the plugin to eliminate the vulnerability."], "summary": {"action": "Update Plugin", "impact": "Sensitive Data Disclosure \u2013 User Email Enumeration"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all versions of the codename065 Download Manager plugin up to and including version 3.3.49. No specific sub-version or patch information is listed beyond this cutoff. Users running any earlier or equal version are potentially impacted.", "description_and_impact": "The Download Manager plugin for WordPress contains a missing capability check in the reviewUserStatus function, which allows authenticated attackers with Subscriber-level access or higher to retrieve sensitive information about any site user, including email addresses, display names, and registration dates. This flaw results in a confidentiality breach and is classified under CWE-200. The impact is that attackers can harvest personally identifiable information that may be used for phishing, social engineering, or other malicious activities.", "risk_and_exploitability": "The base CVSS score of 4.3 indicates moderate severity, driven by the limited impact of information disclosure. The EPSS score is not available, and the vulnerability is not featured in CISA\u2019s KEV catalog. Exploitation requires the attacker to be authenticated with at least Subscriber-level privileges; no remote code execution or denial of service is possible. Given that the flaw is purely functional and does not require special conditions beyond authenticated access, the likelihood of exploitation is moderate, especially in environments with a large number of subscriber accounts."}}}}, "created": "2026-03-20T08:57:15.456951+00:00", "updated": "2026-03-20T14:15:47.324450+00:00", "vendors": ["codename065", "codename065$PRODUCT$download_manager_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}