Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Download Monitor — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in Download Monitor, with AI-generated Chinese analysis, references, and POCs.

Vendor: WPChill

CVE IDTitleCVSSSeverityPublished
CVE-2026-39486 WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability CWE-89 9.8AICriticalAI2026-04-08
CVE-2026-4401 Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling CWE-352 5.4 Medium2026-04-07
CVE-2026-3124 Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' CWE-639 7.5 High2026-03-30
CVE-2025-47439 WordPress Download Monitor plugin <= 5.0.22 - Local File Inclusion Vulnerability CWE-98 7.5 High2025-05-07
CVE-2024-10399 Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure CWE-862 4.3 Medium2024-10-30
CVE-2024-10092 Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation CWE-862 4.3 Medium2024-10-26
CVE-2022-4972 Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export CWE-862 7.5 High2024-10-16
CVE-2024-8552 Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable CWE-862 4.3 Medium2024-09-26
CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization CWE-285 5.4 Medium2024-05-30
CVE-2024-30501 WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability CWE-89 7.6 High2024-03-29
CVE-2022-45354 WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure CWE-200 5.3 Medium2024-01-08
CVE-2023-34007 WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload CWE-434 9.9 Critical2023-12-20
CVE-2023-31219 WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF) CWE-918 4.1 Medium2023-11-13
CVE-2022-2981 Download Monitor < 4.5.98 - Admin+ Arbitrary File Download CWE-552 4.9 -2022-10-10
CVE-2022-2222 Download Monitor < 4.5.91 - Admin+ Arbitrary File Download CWE-552 4.9 -2022-07-17
CVE-2021-23174 WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability CWE-79 3.4 Low2022-01-28
CVE-2021-24786 Download Monitor < 4.4.5 - Admin+ SQL Injection CWE-89 7.2 -2022-01-03

All 17 known CVE vulnerabilities affecting Download Monitor with full Chinese analysis, references, and POCs where available.