Lucene search
Wpl0v3rPATCHSTACK:8D56B6D7AEA57C5352CD90538F04A9F1HistoryJan 09, 2018 - 12:00 a.m.
WordPress Simple Download Monitor plugin <=3.5.3 - Authenticated Cross-Site Scripting (XSS) vulnerability
2018-01-0900:00:00
wpl0v3r
patchstack.com
9
0.001 Low
EPSS
Percentile
46.6%
Authenticated Cross-Site Scripting (XSS) vulnerability found by wpl0v3r in WordPress Simple Download Monitor plugin (versions <=3.5.3). Vulnerable to Cross-Site Scripting via the sdm_upload parameter in an edit action to wp-admin/post.php.
Solution
Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.5.4).
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-download-monitor | le | 3.5.3 |
Related
cvelist
cvelist
CVE-2018-5213
2018-01-04 18:00:00
nvd
nvd
CVE-2018-5213
2018-01-04 18:29:00
osv
osv
CVE-2018-5213
2018-01-04 18:29:00
cve
cve
CVE-2018-5213
2018-01-04 18:29:00
prion
prion
Design/Logic Flaw
2018-01-04 18:29:00
patchstack
patchstack
openvas
openvas
WordPress Simple Download Monitor Plugin < 3.5.4 Stored XSS Vulnerabilities
2018-01-05 00:00:00
wpvulndb
wpvulndb
Simple Download Monitor <= 3.5.3 - Authenticated Cross-Site Scripting (XSS)
2018-01-02 00:00:00