Is PHP affected by CVE-2026-2571?

Organizations using all should be aware of moderate risk from CVE-2026-2571, a information exposure vulnerability rated CVSS 4.3. Sensitive information could be exposed to unauthorized parties. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-2571

EUVD-2026-13065 MEDIUM

2026-03-19 Wordfence

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 19, 2026 - 07:15 vuln.today

EUVD ID Assigned

Mar 19, 2026 - 07:15 euvd

EUVD-2026-13065

CVE Published

Mar 19, 2026 - 06:46 nvd

MEDIUM 4.3

Description

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information for any user on the site including email addresses, display names, and registration dates.

Analysis

The Download Manager plugin for WordPress contains a missing capability check in the 'reviewUserStatus' function that allows authenticated subscribers and above to access sensitive user information without proper authorization. Affected versions include all releases up to and including 3.3.49, enabling attackers with minimal privileges to retrieve email addresses, display names, and registration dates for any user on the site. …

Remediation

Within 30 days: Identify affected systems running all and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +22

POC: 0

CVE-2026-2571 vulnerability details – vuln.today

Back

CVE-2026-2571

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-2571

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code