N/A
2026-04-20< 5.1.10
Download Monitor <= 5.1.9 - Authenticated (Author+) Arbitrary File Download
Download Monitor
Minimum safe version
5.1.11
Update to 5.1.11 or later to address 38 fixable vulnerabilities
Latest available5.1.14 ✓Affected up to1.6.4 ⚠
High 8.5
2026-04-08< 5.1.9
CVE-2026-39486
Medium 5.4
2026-04-08< 5.1.11
Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling
N/A
2026-03-29< 5.1.8
Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'
High 7.5
2025-05-07< 5.0.23
CVE-2025-47439
Medium 4.3
2024-10-30< 5.0.14
CVE-2024-10399
Medium 4.3
2024-10-26< 5.0.13
CVE-2024-10092
High 7.5
2024-10-16< 4.7.52
CVE-2022-4972
Medium 4.3
2024-09-26< 5.0.10
CVE-2024-8552
Medium 5.4
2024-05-30< 4.9.14
CVE-2024-3269
High 7.2
2024-03-29< 4.9.5
CVE-2024-30501
N/A
2024-01-08< 4.9.5
WordPress Download Monitor Plugin < 4.9.5 is vulnerable to SQL Injection
N/A
2024-01-08< 4.9.5
Download Monitor <= 4.9.4 - Authenticated (Admin+) SQL Injection
Critical 9.9
2023-12-20< 4.8.4
CVE-2023-34007
N/A
2023-06-09< 4.7.70
Download Monitor <= 4.7.60 - Missing Authorization to Authenticated Data Export
N/A
2023-06-07< 4.8.4
Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file
Medium 4.1
2023-11-13< 4.8.2
CVE-2023-31219
Medium 5.3
2024-01-08< 4.7.70
CVE-2022-45354
N/A
2015-03-08< 1.6.4
Download Monitor <= 1.6.3 - Directory Listing to Information Disclosure
N/A
2015-04-20≤ 1.6.4
Download Monitor <= 1.6.4 - Reflected Cross-Site Scripting
N/A
2017-05-05< 1.9.7
Download Monitor <= 1.9.6 - Missing Authorization
N/A
2022-11-01< 4.7.3
Download Monitor <= 4.7.2 - Authenticated Directory Traversal to Sensitive Information Exposure
N/A
2022-11-26< 4.7.52
Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export
N/A
< 1.6.4
Download Monitor < 1.6.4 - Authenticated Directory Listing
N/A
< 1.9.7
Download Monitor < 1.9.7 - Unauthenticated Downloading of Logs
Medium 4.9
2022-10-10< 4.5.98
CVE-2022-2981
Medium 4.9
2022-07-17< 4.5.91
CVE-2022-2222
N/A
2015-05-15< 1.7.1
WordPress Download Monitor Plugin <= 1.7.0 - Cross Site Scripting
N/A
2016-08-11< 1.6.4
WordPress Download Monitor Plugin <= 1.6.3 - Authenticated Directory Listing
N/A
2008-04-02< 1.2.1
CVE-2008-1646
N/A
2008-04-30< 2.0.9
CVE-2008-2034
N/A
2013-08-09< 3.3.6.2
CVE-2013-5098
N/A
2013-08-09< 3.3.6.2
CVE-2013-3262
N/A
2014-09-04< 3.3.5.9
CVE-2012-4768
Medium 6.1
2019-08-13< 1.7.1
CVE-2015-9296
High 7.2
2022-01-03< 4.4.5
CVE-2021-24786
Medium 4.8
2022-01-14< 4.4.7
CVE-2021-36920
Medium 6.8
2022-01-28< 4.4.7
CVE-2021-31567
Low 3.4
2025-10-03< 4.4.7
CVE-2021-23174