Unknown Download Monitor vulnerabilities
3 known vulnerabilities affecting unknown/download_monitor.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2022-2981 | MEDIUM | CVSS 4.9 | ≥ 4.5.98, < 4.5.98 | 2022-10-10
CVE-2022-2981 [MEDIUM] CWE-552
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high-privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup.
cvelistv5, nvd
CVE-2022-2222 | MEDIUM | CVSS 4.9 | ≥ 4.5.91, < 4.5.91 | 2022-07-17
CVE-2022-2222 [MEDIUM] CWE-552
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high-privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup.
cvelistv5, nvd
CVE-2021-24786 | HIGH | CVSS 7.2 | PoC | ≥ 4.4.5, < 4.4.5 | 2022-01-03
CVE-2021-24786 [HIGH] CWE-89
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL injection issue.
cvelistv5, nvd