Medium severity6.8NVD Advisory· Published Jan 28, 2022· Updated Jun 17, 2026
CVE-2021-31567
CVE-2021-31567
Description
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=4.4.6
Patches
Vulnerability mechanics
References
3- github.com/WPChill/download-monitor/blob/master/changelog.txtnvdRelease NotesThird Party Advisory
- patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-arbitrary-file-download-vulnerabilitynvdThird Party Advisory
- wordpress.org/plugins/download-monitor/nvdProduct
News mentions
0No linked articles in our index yet.