Wpchill Download Monitor — known CVE vulnerabilities
Every CVE whose affected-product data names Wpchill Download Monitor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-34007 — CVSS 9.9 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a…
CVE-2024-30501 — CVSS 7.6 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue…
CVE-2022-4972 — CVSS 7.5 (high): The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API…
CVE-2021-24786 — CVSS 7.2 (high): The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a…
CVE-2022-45354 — CVSS 5.3 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor…
CVE-2022-2981 — CVSS 4.9 (medium): The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not…
CVE-2022-2222 — CVSS 4.9 (medium): The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not…
CVE-2024-8552 — CVSS 4.3 (medium): The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
CVE-2023-31219 — CVSS 4.1 (medium): Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.