Download monitor

This hub aggregates every CVE we track for Download monitor, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Download monitor.

• CVE-2026-39489WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability4.4Jun 15, 2026
• CVE-2026-39486WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability8.5Apr 8, 2026
• CVE-2026-4401Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling5.4Apr 7, 2026
• CVE-2026-3124Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'7.5Mar 30, 2026
• CVE-2025-47439WordPress Download Monitor plugin <= 5.0.22 - Local File Inclusion Vulnerability7.5May 7, 2025
• CVE-2024-10399Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure4.3Oct 30, 2024
• CVE-2024-10092Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation4.3Oct 26, 2024
• CVE-2022-4972Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export7.5Oct 16, 2024
• CVE-2024-8552Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable4.3Sep 26, 2024
• CVE-2024-3269Download Monitor <= 4.9.13 - Missing Authorization5.4May 30, 2024
• CVE-2024-30501WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability7.6Mar 29, 2024
• CVE-2022-45354WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure5.3Jan 8, 2024
• CVE-2023-34007WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload9.9Dec 20, 2023
• CVE-2023-31219WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF)4.1Nov 13, 2023
• CVE-2022-2981Download Monitor < 4.5.98 - Admin+ Arbitrary File Download4.9Oct 10, 2022