34 matches found
CVE-2026-4401
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...
PT-2026-28427
Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions prior to 5.1.8. Description: The software contains an Insecure Direct Object Reference issue in the executePayment function. Missing validation on a user-controlled key allows unauthenticated...
EUVD-2013-4939
Malware in sbrugna...
EUVD-2018-16997
Malware in sbrugna...
EUVD-2012-4693
Malware in sbrugna...
EUVD-2021-11698
Malware in sbrugna...
EUVD-2015-9136
Malware in sbrugna...
EUVD-2013-3199
Malware in sbrugna...
EUVD-2024-33086
Malicious code in bioql PyPI...
EUVD-2022-34502
Malicious code in bioql PyPI...
EUVD-2022-35202
Malicious code in bioql PyPI...
EUVD-2024-32900
Malicious code in bioql PyPI...
EUVD-2024-31860
Malicious code in bioql PyPI...
EUVD-2024-49257
Malicious code in bioql PyPI...
CVE-2024-3269
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...
CVE-2024-10399
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsearchusers function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2023-34007
Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.3...
CVE-2021-24786
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...
CVE-2015-9296
The download-monitor plugin before 1.7.1 for WordPress has XSS related to addqueryarg...
CVE-2022-4972
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...