Vulnerabilities > Wpchill > Download Monitor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2022-4972 | Missing Authorization vulnerability in Wpchill Download Monitor The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. | 7.5 |
| 2024-09-26 | CVE-2024-8552 | Missing Authorization vulnerability in Wpchill Download Monitor The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. | 4.3 |
| 2024-01-08 | CVE-2022-45354 | Unspecified vulnerability in Wpchill Download Monitor Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | 7.5 |
| 2023-12-20 | CVE-2023-34007 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpchill Download Monitor Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. | 8.8 |
| 2023-11-13 | CVE-2023-31219 | Server-Side Request Forgery (SSRF) vulnerability in Wpchill Download Monitor Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1. | 4.9 |
| 2022-10-10 | CVE-2022-2981 | Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | 4.9 |
| 2022-07-17 | CVE-2022-2222 | Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | 4.0 |
| 2022-01-28 | CVE-2021-23174 | Cross-site Scripting vulnerability in Wpchill Download Monitor Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | 4.8 |
| 2022-01-28 | CVE-2021-31567 | Information Exposure vulnerability in Wpchill Download Monitor Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). | 6.8 |
| 2022-01-14 | CVE-2021-36920 | Cross-site Scripting vulnerability in Wpchill Download Monitor Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | 3.5 |