4 matches found
CVE-2021-24696
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1 make admins export logs to exploit a separate log disclosure vulnerability fixed in 3.9.6, 2 delete logs fixed in 3.9.9, 3 remove thumbnail image from...
CVE-2021-24696
creationtimestamp| type| source ---|---|--- 2022-01-24 12:17:12+00:00| seen| https://t.me/cibsecurity/36105...
CVE-2021-24696
CVE-2021-24696 affects the WordPress plugin Simple Download Monitor prior to version 3.9.9. The root cause is missing nonce checks, enabling cross-site request forgery (CSRF) attacks. Reported impacts include admins exporting logs (potential log disclosure), deleting logs, and removing thumbnail ...
CVE-2021-24696 Simple Download Monitor < 3.9.9 - Multiple CSRF
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1 make admins export logs to exploit a separate log disclosure vulnerability fixed in 3.9.6, 2 delete logs fixed in 3.9.9, 3 remove thumbnail image from...