PT-2022-15295 · WordPress · Download Monitor

Filipe Baptistella +12 · Published 2022-07-17 · Updated 2025-12-21 · CVE-2022-2222

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Download Monitor WordPress plugin versions prior to 4.5.91

Description

The issue allows high-privilege users, such as administrators, to download sensitive files like wp-config.php or /etc/passwd, even in hardened environments or multisite setups, because the plugin does not ensure that files to be downloaded are inside the blog folders and not sensitive.

Recommendations

For versions prior to 4.5.91, update to version 4.5.91 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
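
The check the description says is missing, as an added example (this is not the Download Monitor plugin's code or its 4.5.91 fix): resolve the requested path, require it to sit under an allowed root, and refuse sensitive file names. The function name `is_download_path_allowed()`, the allowed-root list and the deny-list are assumptions, and the sample tree is constructed for the demonstration.

```php
<?php
// Added example; hypothetical helper, not taken from the plugin.
function is_download_path_allowed(
    string $requested,
    array $allowedRoots,
    array $deniedNames = ['wp-config.php']   // assumed deny-list
): bool {
    // realpath() collapses ../ segments and follows symlinks,
    // and returns false when the target does not exist.
    $real = realpath($requested);
    if ($real === false || !is_file($real)) {
        return false;
    }
    // Refuse sensitive names even if they sit under an allowed root.
    if (in_array(strtolower(basename($real)), $deniedNames, true)) {
        return false;
    }
    foreach ($allowedRoots as $root) {
        $realRoot = realpath($root);
        if ($realRoot === false) {
            continue;
        }
        // The trailing separator stops /uploads-old from matching /uploads.
        $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample tree in the system temp directory.
$base = sys_get_temp_dir() . '/dlm-demo-' . bin2hex(random_bytes(4));
mkdir("$base/site/wp-content/uploads", 0700, true);
file_put_contents("$base/site/wp-config.php", "<?php // constructed placeholder\n");
file_put_contents("$base/site/wp-content/uploads/report.pdf", "constructed sample");
$roots = ["$base/site/wp-content/uploads"];

$cases = [
    "$base/site/wp-content/uploads/report.pdf",
    "$base/site/wp-content/uploads/../../wp-config.php",
    "/etc/passwd",
];
foreach ($cases as $path) {
    $verdict = is_download_path_allowed($path, $roots) ? 'allow' : 'deny';
    printf("%-70s %s\n", $path, $verdict);
}
```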

Exploit

Fix

Weakness Enumeration: Files Accessible to External Parties

Related Identifiers: CVE-2022-2222

Affected Products: Download Monitor