cleantalk
Vulnerabilities and Security Researches

Download Monitor, CVE-2021-31567

CVE, Research URL

CVE-2021-31567

Home page URL

Security reports for Download Monitor

Application

Download Monitor

Published on
Jan 29, 2022
Research Description
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.
Affected versions
Min -, max 4.4.7.
Status
vulnerable
Previous vulnerability researches
Simple Download Monitor (CVE-2025-24663) , Jan 26, 2025
Simple Download Monitor (CVE-2018-5212) , Jun 07, 2024
Simple Download Monitor (CVE-2021-24692) , Jun 07, 2024
Simple Download Monitor (CVE-2021-24694) , Jun 07, 2024
Simple Download Monitor (CVE-2021-24696) , Jun 07, 2024
New vulnerability
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025