Security Advisory

CVE-2022-4972

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-16 06:43:39

Last updated 2026-04-08 17:14:03

Assigner Wordfence

State PUBLISHED

Description

The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.

← Browse all CVEs View on cve.org ↗