CVE-2021-24786: Download Monitor < 4.4.5 - Admin+ SQL Injection

Vendor: Unknown
Product: Download Monitor
Weakness: CWE-89 · SQLi
Published: January 3, 2022
Last update: May 22, 2025

What the vulnerability does

01 Description

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL injection issue.

Key dates

02 Disclosure timeline

January 3, 2022: CVE published
May 22, 2025: Record updated