12 Jun 2023

Hackers Likely Trying to Exploit This Partially Fixed Vulnerability in the WordPress Plugin Download Monitor

In the past few days we have seen what appear to be at least two hackers probing for usage of the WordPress plugin Download Monitor, which has 100,000+ installs. Looking into what might explain that, we found a vulnerability that hackers would try to exploit, and it had only been partially fixed shortly before the probing started. Thankfully, there are some important limitations on its exploitability.

The changelog for a recent version of the plugin had a concerning entry: [Read more]

5 Dec 2022

Information Disclosure Vulnerability in WordPress Plugin Download Monitor

A recent version of the WordPress plugin Download Monitor had a changelog entry indicating that a security vulnerability might have been fixed: “Fix: Security fix”. Looking at the changes made suggested that the developer might have improperly fixed a vulnerability, and further checking confirmed that was the case.

[Read more]

15 Apr 2022

CVE, WPScan, and Patchstack Claimed That Possible Security Issue Was Addressed Five Months Before It Was

One of the changelog entries for version 4.5.9 of the WordPress plugin Download Monitor, which was released last week, is:

Fixed: Security issues regarding file downloads and download titles [Read more]

19 Jan 2022

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Download Monitor

Recently the WPScan Vulnerability Database added an entry claiming that a reflected cross-site scripting (XSS) vulnerability had been fixed in the WordPress plugin Download Monitor, though they also stated that it wasn’t verified, and they provided no way for their customers to do the verification they themselves failed to do.

[Read more]