Authenticated Cross-Site Scripting (XSS) vulnerability found by wpl0v3r in WordPress Simple Download Monitor plugin (versions <=3.5.3). Vulnerable to Cross-Site Scripting via the “sdm_upload_thumbnail” parameter in an edit action to wp-admin/post.php.
Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.5.4).
CPE | Name | Operator | Version |
---|---|---|---|
simple-download-monitor | le | 3.5.3 |