WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure
CVE-2022-45354
5.3MEDIUM
Key Information:
- Vendor
- WordPress
- Status
- Vendor
- CVE Published:
- 8 January 2024
Badges
👾 Exploit Exists🟡 Public PoC
Summary
A vulnerability in WPChill's Download Monitor plugin exposes sensitive information to unauthorized actors. This issue affects versions of Download Monitor from n/a through 4.7.60. The exposure of sensitive data can lead to significant risks for users and organizations, highlighting the importance of maintaining updated versions of plugins and monitoring for potential vulnerabilities.
Affected Version(s)
Download Monitor <= 4.7.60
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
- 🟡
Public PoC available
- 👾
Exploit known to exist
Credit
Rafie Muhammad (Patchstack)