72 matches found
WordPress Simple Download Counter plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Simple Download Counter versions = 2.3...
EUVD-2026-16098
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...
CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...
CVE-2026-4278
The CVE-2026-4278 entry concerns the WordPress plugin Simple Download Counter, vulnerable to Stored Cross-Site Scripting via the sdc_menu shortcode in versions up to 2.3. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically text...
CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...
WordPress plugin Simple Download Counter 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-28200
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' a...
WordPress Electric Studio Download Counter plugin cross-site scripting vulnerability
WordPress Electric Studio Download Counter plugin is a plugin for WordPress websites whose main function is to count and track the number of file downloads. The WordPress Electric Studio Download Counter plugin suffers from a cross-site scripting vulnerability that stems from the application's la...
CVE-2026-0741
The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0741
The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0741 Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters
The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0741 Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters
The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0741
The CVE-2026-0741 entry concerns the WordPress plugin Electric Studio Download Counter. A Stored Cross-Site Scripting vulnerability exists in all versions up to 2.4 due to insufficient input sanitization and output escaping in plugin settings. Authenticated attackers with Administrator-level acce...
EUVD-2026-2522
The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Electric Studio Download Counter 跨站脚本漏洞
WordPress Electric Studio Download Counter plugin is a plugin for WordPress websites whose main function is to count and track the number of file downloads. The WordPress Electric Studio Download Counter plugin suffers from a cross-site scripting vulnerability that stems from the application's la...
PT-2026-2843
The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Electric Studio Download Counter plugin <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Electric Studio Download Counter versions = 2.4...
CVE-2023-4838
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible...
CVE-2025-13677
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...
WordPress Simple Download Counter plugin <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Administrator+ Arbitrary File Read via Path Traversal vulnerability discovered by ChamlaVic in WordPress Plugin Simple Download Counter versions = 2.2.2...