Unauthorized Data Modification Vulnerability in Download Monitor for WordPress
CVE-2024-8552
4.3MEDIUM
What is CVE-2024-8552?
The Download Monitor plugin for WordPress has a vulnerability that allows unauthorized modification of data. This occurs due to a missing capability check in the enable_shop() function, which affects all versions up to and including 5.0.9. Authenticated users with Subscriber-level access or higher can exploit this issue to enable shop functionality without proper authorization, potentially jeopardizing sensitive data and undermining website integrity.
Affected Version(s)
Download Monitor * <= 5.0.9