The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.
History
30 Oct 2024, 16:34
Type | Values Removed | Values Added |
---|---|---|
First Time | Wpchill download Monitor, Wpchill | |
CPE | cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:* | |
References | https://plugins.trac.wordpress.org/changeset/2822758/download-monitor/trunk/src/Admin/Reports/class-dlm-reports.php?contextall=1&old=2821522&old_path=%2Fdownload-monitor%2Ftrunk%2Fsrc%2FAdmin%2FReports%2Fclass-dlm-reports.php - Product | |
References | https://www.wordfence.com/threat-intel/vulnerabilities/id/a9000c52-fdd7-43e2-ae6a-9f127c4a9fcd?source=cve - Third Party Advisory |
16 Oct 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
Summary | |
16 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-16 07:15
Updated : 2024-10-30 16:34
NVD link : CVE-2022-4972
Mitre link : CVE-2022-4972
CVE.ORG link : CVE-2022-4972
Products Affected
wpchill
- download_monitor
CWE
CWE-862
Missing Authorization