Vulnerabilities > CVE-2024-8552 - Missing Authorization vulnerability in Wpchill Download Monitor

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
wpchill
CWE-862

Summary

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.

Vulnerable Configurations

Part Description Count
Application
Wpchill
129

Common Weakness Enumeration (CWE)