Wpchill

Download Monitor

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
0

CVE-2026-39486

  • EPSS 0.02%
  • Veröffentlicht 08.04.2026 08:30:11
  • Zuletzt bearbeitet 08.04.2026 21:26:35

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8.

5.4

CVE-2026-4401

  • EPSS 0.02%
  • Veröffentlicht 07.04.2026 23:25:27
  • Zuletzt bearbeitet 08.04.2026 21:26:35

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods in `class-dlm-downloads-path.php` in all versions up to, and including, 5.1.10. This is due to missi...

7.5

CVE-2026-3124

  • EPSS 0.04%
  • Veröffentlicht 30.03.2026 01:24:44
  • Zuletzt bearbeitet 30.03.2026 13:26:07

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible for u...

7.5

CVE-2025-47439

  • EPSS 0.32%
  • Veröffentlicht 07.05.2025 14:19:30
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File Inclusion.This issue affects Download Monitor: from n/a through ...

4.3

CVE-2024-10399

  • EPSS 0.16%
  • Veröffentlicht 30.10.2024 06:15:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated at...

4.3

CVE-2024-10092

  • EPSS 0.1%
  • Veröffentlicht 26.10.2024 08:15:03
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authen...

7.5

CVE-2022-4972

  • EPSS 1.77%
  • Veröffentlicht 16.10.2024 07:15:12
  • Zuletzt bearbeitet 30.10.2024 16:34:55

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated att...

4.3

CVE-2024-8552

  • EPSS 0.41%
  • Veröffentlicht 26.09.2024 03:15:03
  • Zuletzt bearbeitet 02.10.2024 17:00:45

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attacke...

5.4

CVE-2024-3269

  • EPSS 0.14%
  • Veröffentlicht 30.05.2024 04:15:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authentica...

7.2

CVE-2024-30501

  • EPSS 0.58%
  • Veröffentlicht 29.03.2024 14:15:14
  • Zuletzt bearbeitet 27.02.2025 14:53:37

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.