Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-101465
HistoryNov 10, 2021 - 12:00 a.m.

WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101465)

2021-11-1000:00:00
China National Vulnerability Database
www.cnvd.org.cn
5

0.001 Low

EPSS

Percentile

41.3%

WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The WordPress plugin is a WordPress open source application plugin. WordPress plugin Simple Download Monitor version 3.9.5 before the cross-site scripting vulnerability, the vulnerability stems from the lack of the plugin for sdm_active_tab GET parameter and sdm_stats_start_date/sdm_stats_end_date POST parameter to effectively filter and transfer. active_tab GET parameters and sdm_stats_start_date/sdm_stats_end_date POST parameters are effectively filtered and escaped, resulting in a reflection-based cross-site scripting issue. No detailed vulnerability details are available at this time.

0.001 Low

EPSS

Percentile

41.3%