4 matches found
CVE-2021-24694
creationtimestamp| type| source ---|---|--- 2022-01-24 12:17:10+00:00| seen| https://t.me/cibsecurity/36104...
CVE-2021-24694
The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1 "color" or "cssclass" argument of sdmdownload shortcode, 2 "class" or "placeholder" argument of sdmsearchform shortcode...
CVE-2021-24694
CVE-2021-24694 affects the WordPress plugin Simple Download Monitor up to version 3.9.10. The vulnerability allows attackers with a role as low as Contributor to perform a Stored Cross-Site Scripting (XSS) via shortcodes: either the color/css_class parameters in sdm_download or the class/placehol...
CVE-2021-24694 Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes
The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1 "color" or "cssclass" argument of sdmdownload shortcode, 2 "class" or "placeholder" argument of sdmsearchform shortcode...