Download Monitor <= 4.7.60 - Sensitive Information Exposure (CVE-2022-45354)

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)

WordPress的下载监控插件在版本4.7.60及以下存在敏感信息泄露漏洞，该漏洞通过REST API实现，可能使未经身份验证的攻击者提取包括用户报告、下载报告以及用户数据（不包括密码）在内的敏感信息。