Arbitrary File Download Vulnerability in Download Monitor Plugin by WordPress
CVE-2026-39489

4.4MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
15 June 2026

What is CVE-2026-39489?

The Download Monitor plugin for WordPress versions 5.1.9 and below is susceptible to an arbitrary file download vulnerability. This flaw allows unauthorized users to download files from the server, potentially leading to exposure of sensitive information. It is crucial for users and administrators to update to the latest version to mitigate any risks associated with this vulnerability.

Affected Version(s)

Download Monitor <= 5.1.9

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
.