Lucene search
Wpl0v3rPATCHSTACK:176B58FD8A8977120CC2EF7905DEED48HistoryJan 09, 2018 - 12:00 a.m.
WordPress Simple Download Monitor plugin <=3.5.3 - Authenticated Cross-Site Scripting (XSS) vulnerability
2018-01-0900:00:00
wpl0v3r
patchstack.com
4
0.001 Low
EPSS
Percentile
47.7%
Authenticated Cross-Site Scripting (XSS) vulnerability found by wpl0v3r in WordPress Simple Download Monitor plugin (versions <=3.5.3). Vulnerable to Cross-Site Scripting via the “sdm_upload_thumbnail” parameter in an edit action to wp-admin/post.php.
Solution
Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.5.4).
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-download-monitor | le | 3.5.3 |
Related
patchstack
patchstack
cvelist
cvelist
CVE-2018-5212
2018-01-04 18:00:00
cve
cve
CVE-2018-5212
2018-01-04 18:29:00
nvd
nvd
CVE-2018-5212
2018-01-04 18:29:00
prion
prion
Design/Logic Flaw
2018-01-04 18:29:00
osv
osv
CVE-2018-5212
2018-01-04 18:29:00
openvas
openvas
WordPress Simple Download Monitor Plugin < 3.5.4 Stored XSS Vulnerabilities
2018-01-05 00:00:00
wpvulndb
wpvulndb
Simple Download Monitor <= 3.5.3 - Authenticated Cross-Site Scripting (XSS)
2018-01-02 00:00:00