
Exploit for Download Monitor <= 4.7.60 - Sensitive Information Exposure (CVE-2022-45354)

Description:

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via its REST API. This can allow unauthenticated attackers to extract sensitive data, including user reports, download reports, and user data such as email, role, ID and other information (not passwords).

Nuclei Template

View the template: CVE-2022-45354.yaml

Validate with Nuclei

    echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-45354.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-45354
https://github.com/nomi-sec/PoC-in-GitHub
https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-7-60-sensitive-data-exposure-vulnerability?_s_id=cve
https://github.com/RandomRobbieBF/CVE-2022-45354
https://wordpress.org/plugins/download-monitor/