CVE-2024-10399

Name of the Vulnerable Software and Affected Versions Download Monitor plugin for WordPress versions up to, and including, 5.0.13

Description The issue is related to a missing capability check on the ajax search users function, allowing authenticated attackers with Subscriber-level access and above to obtain usernames and emails of site users.

Recommendations For versions up to, and including, 5.0.13, update to a version higher than 5.0.13 to resolve the issue. As a temporary workaround, consider restricting access to the ajax search users function to minimize the risk of exploitation.