Download Monitor
by Wpchill
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-34007 | Cri | 0.64 | 9.9 | 0.01 | Dec 20, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. | ||
| CVE-2026-39486 | Hig | 0.55 | 8.5 | 0.00 | Apr 8, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8. | ||
| CVE-2024-30501 | Hig | 0.49 | 7.6 | 0.01 | Mar 29, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4. | ||
| CVE-2022-45354 | Med | 0.42 | 5.3 | 0.38 | Jan 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. | ||
| CVE-2023-31219 | Med | 0.27 | 4.1 | 0.01 | Nov 13, 2023 | Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1. | ||
| CVE-2022-4972 | 0.00 | — | 0.00 | Oct 16, 2024 | The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and… | |||
| CVE-2024-8552 | 0.00 | — | 0.00 | Sep 26, 2024 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level… | |||
| CVE-2021-23174 | 0.00 | — | 0.83 | Jan 28, 2022 | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | |||
| CVE-2012-4768 | 0.00 | — | 0.10 | Sep 4, 2014 | Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. | |||
| CVE-2013-5098 | 0.00 | — | 0.02 | Aug 9, 2013 | Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262. | |||
| CVE-2013-3262 | 0.00 | — | 0.02 | Aug 9, 2013 | Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter. |
- risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.
- risk 0.42cvss 5.3epss 0.38
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.
- risk 0.27cvss 4.1epss 0.01
Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.
- CVE-2022-4972Oct 16, 2024risk 0.00cvss —epss 0.00
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and…
- CVE-2024-8552Sep 26, 2024risk 0.00cvss —epss 0.00
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level…
- CVE-2021-23174Jan 28, 2022risk 0.00cvss —epss 0.83
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].
- CVE-2012-4768Sep 4, 2014risk 0.00cvss —epss 0.10
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
- CVE-2013-5098Aug 9, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
- CVE-2013-3262Aug 9, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.