CVE-2024-8552

Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions up to, and including, 5.0.9

Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization due to a missing capability check on the enable shop() function. This enables them to enable shop functionality.

Recommendations: For versions up to, and including, 5.0.9, update to a version higher than 5.0.9 to resolve the issue. As a temporary workaround, consider disabling the enable shop() function until a patch is available.