Vulnerabilities and security researches forwebsite-file-changes-monitor website-file-changes-monitor

May 17, 2025

CVE, Research URL: CVE-2024-10009
Home page URL: Security reports for Melapress File Monitor
Application: Melapress File Monitor
Date: May 16, 2025
Research Description: The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-2269
Home page URL: Security reports for Melapress File Monitor
Application: Melapress File Monitor
Date: Aug 08, 2022
Research Description: The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection
Affected versions: Min -, max -.
Status: vulnerable