Wpchill: >> Download Monitor >> 4.0.3 Security Vulnerabilities
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
CVSS Score
4.8
EPSS Score
0.002
Published
2022-01-14
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue
CVSS Score
7.2
EPSS Score
0.046
Published
2022-01-03
Page 2