Filtered by vendor Wpchill
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31567 | 1 Wpchill | 1 Download Monitor | 2022-02-03 | 6.8 Medium |
| Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS. | ||||
| CVE-2021-36920 | 1 Wpchill | 1 Download Monitor | 2022-01-21 | 5.4 Medium |
| Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | ||||
| CVE-2021-24786 | 1 Wpchill | 1 Download Monitor | 2022-01-11 | 7.2 High |
| The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue | ||||
| CVE-2021-24908 | 1 Wpchill | 1 Check \& Log Email | 2021-11-29 | 6.1 Medium |
| The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-24774 | 1 Wpchill | 1 Check \& Log Email | 2021-10-27 | 7.2 High |
| The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues | ||||