Lucene search
Wpl0v3rPATCHSTACK:71F063C1A4121B001C1A0347D69A458DHistoryJan 09, 2018 - 12:00 a.m.
WordPress Simple Download Monitor plugin <=3.5.3 - Authenticated Cross-Site Scripting (XSS) vulnerability
2018-01-0900:00:00
wpl0v3r
patchstack.com
10
0.001 Low
EPSS
Percentile
47.7%
Authenticated Cross-Site Scripting (XSS) vulnerability found by wpl0v3r in WordPress Simple Download Monitor plugin (versions <=3.5.3). Vulnerable to Cross-Site Scripting via the “sdm_upload_thumbnail” parameter in an edit action to wp-admin/post.php.
Solution
Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.5.4).
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple download monitor | le | 3.5.3 |
Related
cve
cve
CVE-2018-5212
2018-01-04 18:29:00
patchstack
patchstack
nvd
nvd
CVE-2018-5212
2018-01-04 18:29:00
cvelist
cvelist
CVE-2018-5212
2018-01-04 18:00:00
prion
prion
Design/Logic Flaw
2018-01-04 18:29:00
osv
osv
CVE-2018-5212
2018-01-04 18:29:00
openvas
openvas
WordPress Simple Download Monitor Plugin < 3.5.4 Stored XSS Vulnerabilities
2018-01-05 00:00:00
wpvulndb
wpvulndb
Simple Download Monitor <= 3.5.3 - Authenticated Cross-Site Scripting (XSS)
2018-01-02 00:00:00