Vulmon
wpchill download monitor vulnerabilities and exploits
7.2
CVSSv3
CVE-2021-24786
The Download Monitor WordPress plugin prior to 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
Wpchill Download Monitor
4.9
CVSSv3
CVE-2022-2981
The Download Monitor WordPress plugin prior to 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite ...
Wpchill Download Monitor
7.5
CVSSv3
CVE-2022-45354
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a up to and including 4.7.60.
Wpchill Download Monitor
1 Github repository
4.9
CVSSv3
CVE-2023-31219
Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a up to and including 4.8.1.
Wpchill Download Monitor
4.8
CVSSv3
CVE-2021-23174
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_version[0].
Wpchill Download Monitor
4.9
CVSSv3
CVE-2022-2222
The Download Monitor WordPress plugin prior to 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite ...
Wpchill Download Monitor
8.8
CVSSv3
CVE-2023-34007
Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a up to and including 4.8.3.
Wpchill Download Monitor
6.8
CVSSv3
CVE-2021-31567
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_u...
Wpchill Download Monitor
5.4
CVSSv3
CVE-2021-36920
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
Wpchill Download Monitor
NA
CVE-2024-30501
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a up to and including 4.9.4.