Download Monitor Vulnerable to SQL Injection
CVE-2024-30501

7.2HIGH

Key Information:

Vendor: WordPress
Status: Download Monitor
Vendor: CVE Published:; 29 March 2024

Summary

An SQL Injection vulnerability exists in the WPChill Download Monitor plugin, which allows attackers to manipulate SQL queries executed by the application. This vulnerability can be exploited by sending specially crafted SQL commands that bypass security controls, leading to unauthorized access to sensitive data. Affected versions include all prior to 4.9.4. Organizations using this plugin should implement immediate security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Download Monitor <= 4.9.4

References

https://patchstack.com/database/vulnerability/download-mo...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

movrment (Patchstack Alliance)