WordPress Plugin Vulnerabilities

Download Monitor < 4.8.2 - Admin+ SSRF

Description

The plugin does not validate a parameter before making a request to it, which could allow high privilege users such as admin to perform SSRF attacks

Affects Plugins

Plugin icon
download-monitor
Fixed in 4.8.2

References

CVE
CVE-2023-31219

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
0ca9a8ea-42fe-4880-bd71-df3926ee8c77

Timeline

Publicly Published
2023-05-30 (about 2 years ago)
Added
2023-11-13 (about 2 years ago)
Last Updated
2023-11-13 (about 2 years ago)

Other

Published
Title
Published
2024-04-22
Title
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2024-03-28
Title
Brave Popup Builder < 0.6.6 - Unauthenticated Server-Side Request Forgery
Published
2026-03-10
Title
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe < 28.1.2.2 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2026-02-13
Title
MailerPress < 1.5.0 - Authenticated (Contributor+) Server-Side Request Forgery
Published
2023-05-15
Title
Essential Addons for Elementor Pro < 5.4.9 - Unauthenticated SSRF