HomePentest-Tools.com Logo

Download Monitor <= 4.7.60 - Sensitive Information Exposure CVE-2022-45354

Severity
CVSSv3 Score
7.5
Vulnerability description

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)\n

Risk description

No risk description to display.

Recommendation

Update to the latest version of the Download Monitor plugin (4.7.60) or apply the provided patch to fix the vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Jan 8, 2024
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available