32 matches found
WordPress Simple Download Counter plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Simple Download Counter versions = 2.3...
EUVD-2026-16098
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...
CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...
CVE-2026-4278
The CVE-2026-4278 entry concerns the WordPress plugin Simple Download Counter, vulnerable to Stored Cross-Site Scripting via the sdc_menu shortcode in versions up to 2.3. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically text...
CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...
WordPress plugin Simple Download Counter 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-28200
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' a...
CVE-2023-4838
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible...
CVE-2025-13677
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...
WordPress Simple Download Counter plugin <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Administrator+ Arbitrary File Read via Path Traversal vulnerability discovered by ChamlaVic in WordPress Plugin Simple Download Counter versions = 2.2.2...
EUVD-2025-202392
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2025-13677 Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...
PT-2025-50302
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simple download counter parse path function. This makes it possible for authenticated attackers, with Administrator-leve...
WordPress plugin Simple Download Counter 路径遍历漏洞
...
EUVD-2025-12308
Malicious code in bioql PyPI...
CVE-2025-46240
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Simple Download Counter simple-download-counter allows Stored XSS.This issue affects Simple Download Counter: from n/a through = 2.2...
CVE-2025-46240
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2...
CVE-2025-46240
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Simple Download Counter simple-download-counter allows Stored XSS.This issue affects Simple Download Counter: from n/a through = 2.2...
CVE-2025-46240
CVE-2025-46240 affects WordPress Simple Download Counter (
CVE-2025-46240 WordPress Simple Download Counter plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Simple Download Counter simple-download-counter allows Stored XSS.This issue affects Simple Download Counter: from n/a through = 2.2...