Vulnerabilities > Wpchill > Download Monitor > 1.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2022-45354 | Unspecified vulnerability in Wpchill Download Monitor Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | 7.5 |
| 2023-12-20 | CVE-2023-34007 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpchill Download Monitor Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. | 8.8 |
| 2023-11-13 | CVE-2023-31219 | Server-Side Request Forgery (SSRF) vulnerability in Wpchill Download Monitor Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1. | 4.9 |
| 2022-10-10 | CVE-2022-2981 | Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | 4.9 |
| 2022-07-17 | CVE-2022-2222 | Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | 4.0 |
| 2022-01-28 | CVE-2021-23174 | Cross-site Scripting vulnerability in Wpchill Download Monitor Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | 4.8 |
| 2022-01-28 | CVE-2021-31567 | Information Exposure vulnerability in Wpchill Download Monitor Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). | 6.8 |
| 2022-01-14 | CVE-2021-36920 | Cross-site Scripting vulnerability in Wpchill Download Monitor Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | 3.5 |