Skip to main content

Download Monitor CVE-2026-39486

| EUVDEUVD-2026-20154 HIGH
SQL Injection (CWE-89)
2026-04-08 Patchstack GHSA-hwvq-xm42-wx99
8.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

4
CVSS changed
Apr 29, 2026 - 10:22 NVD
7.6 (HIGH) 8.5 (HIGH)
CVSS changed
Apr 21, 2026 - 21:22 NVD
7.6 (None) 7.6 (HIGH)
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20154
CVE Published
Apr 08, 2026 - 08:30 nvd
N/A

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8.

Analysis

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8.

CVE-2023-34007 CRITICAL
9.9 Dec 20

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.8.3. Rated critical severity (

CVE-2022-2981 MEDIUM POC
4.9 Oct 10

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog fold

CVE-2022-2222 MEDIUM POC
4.9 Jul 17

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog fold

CVE-2012-4768 MEDIUM POC
4.3 Sep 04

Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attac

CVE-2013-3262 MEDIUM POC
4.3 Aug 09

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress

CVE-2024-30501 HIGH
7.6 Mar 29

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download M

CVE-2026-39489 MEDIUM
4.4 Jun 15

Path traversal in the WordPress Download Monitor plugin (versions <= 5.1.9, by WP Chill) allows a network-accessible att

CVE-2013-5098 MEDIUM
4.3 Aug 09

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress

CVE-2024-8552 MEDIUM
4.3 Sep 26

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability

CVE-2023-31219 MEDIUM
4.1 Nov 13

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.8.1. Rated medium severity (CVSS 4.1), this

Share

CVE-2026-39486 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy