Vulnerabilities and security research for download-monitor
Jun 06, 2024
Download Monitor # CVE-2021-24786
- Date: Jan 03, 2022
- Research Description: The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2015-9296
- Date: Aug 13, 2019
- Research Description: The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2021-36920
- Date: Jan 15, 2022
- Research Description: Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2008-1646
- Date: Apr 02, 2008
- Research Description: SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2021-23174
- Date: Jan 29, 2022
- Research Description: Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_version[0].
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2021-31567
- Date: Jan 29, 2022
- Research Description: Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2012-4768
- Date: Sep 04, 2014
- Research Description: Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2008-2034
- Date: Apr 30, 2008
- Research Description: SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2022-2222
- Date: Jul 17, 2022
- Research Description: The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2022-2981
- Date: Oct 11, 2022
- Research Description: The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2022-45354
- Date: Jan 09, 2024
- Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2023-31219
- Date: Nov 13, 2023
- Research Description: Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.1.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2013-3262
- Date: Aug 10, 2013
- Research Description: Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2013-5098
- Date: Aug 10, 2013
- Research Description: Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2023-34007
- Date: Dec 21, 2023
- Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2024-30501
- Date: Mar 29, 2024
- Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.9.4.
- Affected versions: Min -, max -.
- Status: vulnerable
Download Monitor # CVE-2024-3269
- Date: May 30, 2024
- Research Description: The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data.
- Affected versions: Min -, max -.
- Status: vulnerable
Sep 26, 2024
Download Monitor # CVE-2024-8552
- Date: Sep 26, 2024
- Research Description: The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.
- Affected versions: Min -, max -.
- Status: vulnerable
Oct 18, 2024
Download Monitor # CVE-2022-4972
- Date: Oct 16, 2024
- Research Description: The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.
- Affected versions: Min -, max -.
- Status: vulnerable
Oct 27, 2024
Download Monitor # CVE-2024-10092
- Date: Oct 26, 2024
- Research Description: The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones.
- Affected versions: Min -, max -.
- Status: vulnerable
Oct 31, 2024
Download Monitor # CVE-2024-10399
- Date: Oct 30, 2024
- Research Description: The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users.
- Affected versions: Min -, max -.
- Status: vulnerable
May 09, 2025
Download Monitor # CVE-2025-47439
- Date: May 07, 2025
- Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor allows PHP Local File Inclusion. This issue affects Download Monitor: from n/a through 5.0.22.
- Affected versions: Min -, max -.
- Status: vulnerable