Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-45354 — Sensitive Information Exposure in Download Monitor

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

7.5HIGHNVD

CNA5.3VulnCheck5.3

EPSS

87.6%

top 0.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wpchill Download Monitor

Timeline

PublishedJan 8

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5wpchill/download_monitorn/a — 4.7.60

▶NVDwpchill/download_monitor4.7.60

🔴Vulnerability Details

GHSA

GHSA-gq65-6w6h-w9gj: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor↗2024-01-08

▶

CVEList

WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure↗2024-01-08

▶

VulnCheck

WPChill Download Monitor Information Disclosure↗2022

▶

💥Exploits & PoCs

Nuclei

Download Monitor <= 4.7.60 - Sensitive Information Exposure

▶