CVE-2021-24786

Name of the Vulnerable Software and Affected Versions Download Monitor WordPress plugin versions prior to 4.4.5

Description The issue arises from the improper validation and escaping of the orderby GET parameter in SQL statements when viewing logs, leading to an SQL Injection issue.

Recommendations For versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the log viewing functionality until the update is applied.