CVE-2022-2981

Name of the Vulnerable Software and Affected Versions Download Monitor WordPress plugin versions prior to 4.5.98

Description The issue is related to insufficient protection of registration data, allowing a remote attacker to disclose protected information. High privilege users, such as admins, can download sensitive files like wp-config.php or /etc/passwd, even in hardened environments or multisite setups.

Recommendations For versions prior to 4.5.98, update to version 4.5.98 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.