Download Monitor <= 4.4.4 is vulnerable to SQL Injection (SQLi) vulnerability

Administrator

Published
2021-10-19

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24786

CVSS

Score:4.7

Severity:Medium

Version: 4.4.4

There is a patch available in v4.4.5 and we strongly recommend you update to this version as soon as possible.