CVE-2022-2362

Summary

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.

Affected Software

VendorProductVersion RangeStatus
UnknownDownload Manager3.2.50 < 3.2.50affected

Weaknesses

  • CWE-79: CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References