VYPR

Download Monitor

by WordPress

Source repositories

CVEs (26)

  • CVE-2024-10092MedOct 26, 2024
    risk 0.21cvss 4.3epss 0.00

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with…

  • CVE-2024-8552Sep 26, 2024
    risk 0.00cvss epss 0.00

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level…

  • CVE-2012-4768Sep 4, 2014
    risk 0.00cvss epss 0.10

    Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.

  • CVE-2013-5098Aug 9, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.

  • CVE-2013-3262Aug 9, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.

  • CVE-2008-2034Apr 30, 2008
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained…

Page 2 of 2