Wpchill

Download Monitor

16 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-47439

  • EPSS 0.1%
  • Published 07.05.2025 14:19:30
  • Last modified 08.05.2025 14:39:18

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor allows PHP Local File Inclusion. This issue affects Download Monitor: from n/a through 5.0.22.

4.3

CVE-2024-10399

  • EPSS 0.04%
  • Published 30.10.2024 06:15:14
  • Last modified 01.11.2024 12:57:03

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated at...

4.3

CVE-2024-10092

  • EPSS 0.03%
  • Published 26.10.2024 08:15:03
  • Last modified 28.10.2024 13:58:09

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authen...

7.5

CVE-2022-4972

  • EPSS 1.66%
  • Published 16.10.2024 07:15:12
  • Last modified 30.10.2024 16:34:55

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated att...

4.3

CVE-2024-8552

  • EPSS 0.21%
  • Published 26.09.2024 03:15:03
  • Last modified 02.10.2024 17:00:45

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attacke...

5.4

CVE-2024-3269

  • EPSS 0.14%
  • Published 30.05.2024 04:15:10
  • Last modified 21.11.2024 09:29:17

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authentica...

7.2

CVE-2024-30501

  • EPSS 0.58%
  • Published 29.03.2024 14:15:14
  • Last modified 27.02.2025 14:53:37

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.

7.5

CVE-2022-45354

  • EPSS 88.32%
  • Published 08.01.2024 21:15:08
  • Last modified 21.11.2024 07:29:05

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.

8.8

CVE-2023-34007

  • EPSS 0.31%
  • Published 20.12.2023 19:15:09
  • Last modified 21.11.2024 08:06:23

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.

4.9

CVE-2023-31219

  • EPSS 0.16%
  • Published 13.11.2023 03:15:08
  • Last modified 21.11.2024 08:01:38

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.