15 matches found
CVE-2015-9296
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg...
CVE-2025-47439 WordPress Download Monitor plugin <= 5.0.22 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File Inclusion. This issue affects Download Monitor: from n/a through <= 5.0.22...
WordPress Download Monitor plugin <= 5.0.13 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Download Monitor (versions <= 5.0.13)...
WordPress Download Monitor Plugin <= 5.0.13 is vulnerable to Broken Access Control
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 5.0.13; Fixed in: 5.0.14; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10399; Patch priority: Low; CVSS severity: Low 4.3; Developer: WPChill; PSID: 4c314a68f652; Credits: Trương Hữu Phúc (truonghuuphuc)...
WordPress Download Monitor plugin <= 5.0.12 - Missing Authorization to API Key Manipulation vulnerability
Missing Authorization to API Key Manipulation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Download Monitor (versions <= 5.0.12)...
WordPress Download Monitor Plugin <= 5.0.9 is vulnerable to Broken Access Control
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 5.0.9; Fixed in: 5.0.10; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8552; Patch priority: Low; CVSS severity: Low 4.3; Developer: WPChill; PSID: 665830fe1653; Credits: Trương Hữu Phúc (truonghuuphuc); Requir...
WordPress Download Monitor Plugin <= 4.9.4 is vulnerable to SQL Injection
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 4.9.4; Fixed in: 4.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30501; Patch priority: Low; CVSS severity: Low 7.6; Developer: WPChill; PSID: 3e76ad1985a5; Credits: movrment; Required privilege: Administrator; Published: 28...
WordPress Download Monitor Plugin < 4.7.70 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpchill:downloadmonitor"; if description...
WordPress Download Monitor Plugin < 4.9.5 is vulnerable to SQL Injection
Software: Download Monitor; Type: Plugin; Vulnerable versions: < 4.9.5; Fixed in: 4.9.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: Low; CVSS severity: Low 7.2; Developer: WPChill; PSID: 1be01d6b3a78; Credits: WordFence; Required privilege: Administrator; Published: 8 January, 2024...
WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 4.8.1; Fixed in: 4.8.2; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-31219; Patch priority: Low; CVSS severity: Low 4.1; Developer: WPChill; PSID: fb7b8d305714; Credits: Mika; Required privilege: Administrator...
WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 4.7.60; Fixed in: 4.7.70; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2022-45354; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPChill; PSID: 4dbbcebe007d; Credits: Rafie Muhammad Patchstack...
CVE-2021-31567 WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also...
WordPress Download Monitor Plugin < 4.4.5 SQLi Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Download Monitor plugin <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguy Minh Tuan in WordPress Download Monitor plugin (versions <= 4.4.6). Solution: Update the WordPress Download Monitor plugin to the latest available version (at least 4.4.7)...
Wordpress Download Monitor - Download Page Cross-Site Scripting
Summary: Wordpress Download Monitor 3.3.5.7 is subject to a cross-site scripting...