Description
Because of this vulnerability, any user can access the "sdm_tiny_get_post_ids" action which will return a JSON encoded list of all "post_id"and "post_title" that were uploaded with this plugin.
## Solution
Upgrade the plugin.
Affected Software
{"id": "PATCHSTACK:8CFACC1BB3FF366B71297962D455AC70", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress Simple Download Monitor Plugin <= 3.2.8 - Insufficient Authorisation", "description": "Because of this vulnerability, any user can access the \"sdm_tiny_get_post_ids\" action which will return a JSON encoded list of all \"post_id\"and \"post_title\" that were uploaded with this plugin.\n\n## Solution\n\nUpgrade the plugin.", "published": "2016-01-19T00:00:00", "modified": "2016-01-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://patchstack.com/database/vulnerability/simple-download-monitor-/wordpress-simple-download-monitor-plugin-3-2-8-insufficient-authorisation", "reporter": "James Golovich", "references": ["http://www.pritect.net/blog/simple-download-monitor-3-2-8-security-vulnerability"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-20T20:09:22", "viewCount": 1, "enchantments": {"score": {"value": 3.4, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "simple-download-monitor", "version": 3}]}, "vulnersScore": 3.4}, "_state": {"score": 1684013994, "dependencies": 1660016401, "affected_software_major_version": 1666695388, "epss": 1679290575}, "_internal": {"score_hash": "a6f7187558ad03fcffd82238006a25f4"}, "affectedSoftware": [{"version": "3.2.8", "operator": "le", "name": "simple-download-monitor"}], "vendor_cvss": {"score": "", "severity": ""}, "owasp": "A2: Broken Authentication and Session Management", "classification": "Bypass Vulnerability"}
{}
WordPress Simple Download Monitor Plugin <= 3.2.8 - Insufficient Authorisation