Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
wpchill

Download Monitor

15 Versions 10 CVEs

Versions

4.9.13

SEMANTIC 1 CVE

5.0.13

SEMANTIC 1 CVE

5.0.12

SEMANTIC 1 CVE

5.0.9

SEMANTIC 1 CVE

4.7.51

SEMANTIC 1 CVE

4.8.2

SEMANTIC 1 CVE

4.4.6

SEMANTIC 1 CVE

4.8.4

SEMANTIC 1 CVE

4.8.3

SEMANTIC 1 CVE

4.4.7

SEMANTIC 1 CVE

4.7.70

SEMANTIC 1 CVE

4.9.5

SEMANTIC 1 CVE

4.7.60

SEMANTIC 1 CVE

4.8.1

SEMANTIC 1 CVE

4.9.4

SEMANTIC 1 CVE

Recent CVEs

CVE-2024-10399

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users.

MEDIUM Oct 30, 2024

CVE-2024-10092

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones.

MEDIUM Oct 26, 2024

CVE-2022-4972

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.

HIGH Oct 16, 2024

CVE-2024-8552

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.

MEDIUM Sep 26, 2024

CVE-2024-3269

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data.

MEDIUM May 30, 2024

CVE-2024-30501

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.

HIGH Mar 29, 2024

CVE-2022-45354

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.

MEDIUM Jan 08, 2024

CVE-2023-34007

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.

CRITICAL Dec 20, 2023

CVE-2023-31219

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.

MEDIUM Nov 13, 2023

CVE-2021-23174

Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].

LOW Jan 28, 2022