Exposure of Download Monitor
WordPress plugins29
exposure score
13,306
sites use
0
exploited
1
critical
CVEs
18 resultsCVE-2021-23174LOWWordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerabilityEPSS 83.2%CVE-2022-45354MEDIUMWordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data ExposureEPSS 38.1%CVE-2021-24786HIGHDownload Monitor < 4.4.5 - Admin+ SQL InjectionEPSS 17.5%CVE-2022-2222—Download Monitor < 4.5.91 - Admin+ Arbitrary File DownloadEPSS 0.9%CVE-2022-2981—Download Monitor < 4.5.98 - Admin+ Arbitrary File DownloadEPSS 0.9%CVE-2023-34007CRITICALWordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File UploadEPSS 0.7%CVE-2025-47439HIGHWordPress Download Monitor plugin <= 5.0.22 - Local File Inclusion VulnerabilityEPSS 0.7%CVE-2023-31219MEDIUMWordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF)EPSS 0.6%CVE-2024-30501HIGHWordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerabilityEPSS 0.6%CVE-2022-4972HIGHDownload Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data ExportEPSS 0.5%CVE-2024-10092MEDIUMDownload Monitor <= 5.0.12 - Missing Authorization to API Key ManipulationEPSS 0.4%CVE-2024-10399MEDIUMDownload Monitor <= 5.0.13 - Missing Authorization to Sensitive Information ExposureEPSS 0.4%CVE-2024-8552MEDIUMDownload Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop EnableEPSS 0.4%CVE-2026-39489MEDIUMWordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2024-3269MEDIUMDownload Monitor <= 4.9.13 - Missing AuthorizationEPSS 0.3%CVE-2026-3124HIGHDownload Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'EPSS 0.3%CVE-2026-39486HIGHWordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerabilityEPSS 0.3%CVE-2026-4401MEDIUMDownload Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and DisablingEPSS 0.2%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →