Vulnerabilities > Wpchill > Download Monitor > 4.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2021-36920 | Cross-site Scripting vulnerability in Wpchill Download Monitor Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | 5.4 |
| 2022-01-03 | CVE-2021-24786 | SQL Injection vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue | 7.2 |