CVE-2026-3124: Authorization Bypass Through User-Controlled Key in Download Monitor

Severity
7.5 HIGH (NVD)
EPSS
0.0%
top 89.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 30

Description

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary pending orders by exploiting a mismatch between the PayPal transaction token and the local order, allowing theft of paid digital goods by paying a minimal amount for a low-cost item and using that paymen

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

Source: CVEList V5 | Package: wpchill/download_monitor | Affected version: <= 5.1.7

Vulnerability Details (2)

CVEList
Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' (2026-03-30)
GHSA
GHSA-r9gc-9vw9-725f: The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5 (2026-03-30)

Threat Intelligence (1)

Wiz
CVE-2026-3124 Impact, Exploitability, and Mitigation Steps | Wiz