Download Monitor Vulnerable to SQL Injection
CVE-2024-30501

7.2HIGH

Key Information:

Vendor: WordPress
Status: Download Monitor
Vendor: CVE Published:; 29 March 2024

What is CVE-2024-30501?

An SQL Injection vulnerability exists in the WPChill Download Monitor plugin, which allows attackers to manipulate SQL queries executed by the application. This vulnerability can be exploited by sending specially crafted SQL commands that bypass security controls, leading to unauthorized access to sensitive data. Affected versions include all prior to 4.9.4. Organizations using this plugin should implement immediate security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Download Monitor <= 4.9.4

References

https://patchstack.com/database/vulnerability/download-mo...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

movrment (Patchstack Alliance)

WordPress

What is CVE-2024-30501?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit