The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.
Metrics
Affected Vendors & Products
References
History
Wed, 30 Oct 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:* |
Wed, 16 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpchill
Wpchill download Monitor |
|
CPEs | cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:*:*:* | |
Vendors & Products |
Wpchill
Wpchill download Monitor |
|
Metrics |
ssvc
|
Wed, 16 Oct 2024 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators. | |
Title | Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export | |
Weaknesses | CWE-862 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-16T06:43:39.366Z
Updated: 2024-10-16T19:31:45.383Z
Reserved: 2024-10-15T18:02:00.796Z
Link: CVE-2022-4972
Vulnrichment
Updated: 2024-10-16T19:31:38.444Z
NVD
Status : Analyzed
Published: 2024-10-16T07:15:12.257
Modified: 2024-10-30T16:34:55.117
Link: CVE-2022-4972
Redhat
No data.