CVE-2021-31567

Name of the Vulnerable Software and Affected Versions Download Monitor WordPress plugin versions <= 4.4.6

Description The issue allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the downloadable file urls[0] parameter data. It is also possible to escape from the web server home directory and download any file within the OS.

Recommendations For Download Monitor WordPress plugin versions <= 4.4.6, update to a version greater than 4.4.6 to resolve the issue. As a temporary workaround, consider restricting access to the downloadable file urls[0] parameter to minimize the risk of exploitation.