Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026
Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export
CVE-2022-4972
Description
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=4.7.51
- Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.