CVE-2022-2981
- EPSS 0.31%
- Veröffentlicht 10.10.2022 21:15:10
- Zuletzt bearbeitet 21.11.2024 07:02:01
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an harden...
CVE-2022-2222
- EPSS 0.84%
- Veröffentlicht 17.07.2022 11:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:34
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an harden...
CVE-2021-31567
- EPSS 1.05%
- Veröffentlicht 28.01.2022 20:15:11
- Zuletzt bearbeitet 20.02.2025 21:15:12
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via t...
CVE-2021-23174
- EPSS 0.42%
- Veröffentlicht 28.01.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 05:51:19
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].
CVE-2021-36920
- EPSS 0.16%
- Veröffentlicht 14.01.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 06:14:18
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
CVE-2021-24786
- EPSS 4.57%
- Veröffentlicht 03.01.2022 13:15:08
- Zuletzt bearbeitet 22.05.2025 19:15:23
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue