Wpchill

Download Monitor

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2026-39489

  • EPSS 0.34%
  • Veröffentlicht 15.06.2026 20:17:51
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.

8.5

CVE-2026-39486

  • EPSS 0.26%
  • Veröffentlicht 08.04.2026 08:30:11
  • Zuletzt bearbeitet 29.04.2026 10:17:24

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8.

5.4

CVE-2026-4401

  • EPSS 0.16%
  • Veröffentlicht 07.04.2026 23:25:27
  • Zuletzt bearbeitet 27.04.2026 19:04:22

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods in `class-dlm-downloads-path.php` in all versions up to, and including, 5.1.10. This is due to missi...

7.5

CVE-2026-3124

  • EPSS 0.27%
  • Veröffentlicht 30.03.2026 01:24:44
  • Zuletzt bearbeitet 24.04.2026 16:36:24

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible for u...

7.5

CVE-2025-47439

  • EPSS 0.69%
  • Veröffentlicht 07.05.2025 14:19:30
  • Zuletzt bearbeitet 23.04.2026 15:30:12

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File Inclusion.This issue affects Download Monitor: from n/a through ...

4.3

CVE-2024-10399

  • EPSS 0.4%
  • Veröffentlicht 30.10.2024 06:15:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated at...

4.3

CVE-2024-10092

  • EPSS 0.44%
  • Veröffentlicht 26.10.2024 08:15:03
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authen...

7.5

CVE-2022-4972

  • EPSS 0.46%
  • Veröffentlicht 16.10.2024 07:15:12
  • Zuletzt bearbeitet 30.10.2024 16:34:55

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated att...

4.3

CVE-2024-8552

  • EPSS 0.36%
  • Veröffentlicht 26.09.2024 03:15:03
  • Zuletzt bearbeitet 02.10.2024 17:00:45

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attacke...

5.4

CVE-2024-3269

  • EPSS 0.3%
  • Veröffentlicht 30.05.2024 04:15:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authentica...