WPChill/download-monitor

GitHub
Unavailable
This project is no longer available (or publicly accessible) from GitHub
Releases: 164
Frequency: 4 weeks 16 hours
Last Release
Stars: 261
A WordPress plugin which provides an intuitive UI for uploading and managing downloadable files (including support for multiple versions), inserting download links into posts & logging downloads.

CVE History

CVE | Published | CVSS v3 | CVSS v2

CVSS v3: 6.8 MEDIUM | CVSS v2: 6.8 MEDIUM

An authenticated (admin+) arbitrary file download vulnerability was discovered in the Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It is also possible to escape from the web server home directory and download any file within the OS.

CVSS v3: 3.4 LOW | CVSS v2: 3.5 LOW

An authenticated (admin+) persistent cross-site scripting (XSS) vulnerability was discovered in the Download Monitor WordPress plugin (versions <= 4.4.6). Vulnerable parameters: &post_title, &downloadable_file_version[0].