WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101465)

WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The WordPress plugin is a WordPress open source application plugin. WordPress plugin Simple Download Monitor version 3.9.5 before the cross-site scripting vulnerability, the vulnerability stems from the lack of the plugin for sdm_active_tab GET parameter and sdm_stats_start_date/sdm_stats_end_date POST parameter to effectively filter and transfer. active_tab GET parameters and sdm_stats_start_date/sdm_stats_end_date POST parameters are effectively filtered and escaped, resulting in a reflection-based cross-site scripting issue. No detailed vulnerability details are available at this time.