Product
The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) allowing unauthenticated attackers to steal paid digital goods by manipulating PayPal transaction tokens to complete arbitrary orders.