3 matches found
CVE-2022-4972
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...
PT-2024-11909 · WordPress · Download Monitor
Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions up to, and including, 4.7.51 Description: The issue is related to a missing capability check on several REST-API routes, specifically those related to reporting, which allows unauthenticated...
VulnCheck KEV: CVE-2022-4972
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...