VYPR
Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026

Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export

CVE-2022-4972

Description

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.