Wpchill Download Monitor
12 CVEs affecting Wpchill Download Monitor. Latest disclosed: 2026-04-07. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-34007 | Critical | 9.9 | 2023-12-20 | Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. |
CVE-2024-30501 | High | 7.6 | 2024-03-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Moni… |
CVE-2026-3124 | High | 7.5 | 2026-03-30 | The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment(… |
CVE-2022-4972 | High | 7.5 | 2024-10-16 | The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporti… |
CVE-2026-4401 | Medium | 5.4 | 2026-04-07 | The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods in `class… |
CVE-2024-3269 | Medium | 5.4 | 2024-05-30 | The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin f… |
CVE-2022-45354 | Medium | 5.3 | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7… |
CVE-2024-10399 | Medium | 4.3 | 2024-10-30 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users functio… |
CVE-2024-10092 | Medium | 4.3 | 2024-10-26 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actio… |
CVE-2024-8552 | Medium | 4.3 | 2024-09-26 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in… |
CVE-2023-31219 | Medium | 4.1 | 2023-11-13 | Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1. |
CVE-2021-23174 | Low | 3.4 | 2022-01-28 | Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable param… |