Home/Product/wpchill download monitor
Product

wpchill download monitor

16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-4972
<= 4.7.51
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-
7.5HIGH
 CVE-2024-8552
< 5.0.10
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on
4.3MEDIUM
 CVE-2024-30501
< 4.9.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.Thi
7.6HIGH
 CVE-2022-45354
<= 4.7.60
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download M
5.3MEDIUM
 CVE-2023-34007
<= 4.8.3
Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: fro
9.9CRITICAL
 CVE-2023-31219
<= 4.8.1
Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through
4.1MEDIUM
 CVE-2022-2981
< 4.5.98
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and n
4.9MEDIUM
 CVE-2022-2222
< 4.5.91
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and n
4.9MEDIUM
 CVE-2021-31567
<= 4.4.6
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6).
6.8MEDIUM
 CVE-2021-23174
< 4.4.7
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versio
3.4LOW
 CVE-2021-36920
<= 4.4.6
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.
4.8MEDIUM
 CVE-2021-24786
< 4.4.5
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using
7.2HIGH
 CVE-2015-9296
< 1.7.1
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.
6.1MEDIUM
 CVE-2012-4768
all versions
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to in
 CVE-2013-5098
<= 1.0.6
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows rem
 CVE-2013-3262
<= 1.0.6
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows rem
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh