CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

116 matches found

RedhatCVE•added 2026/02/28 2:0 p.m.•1 views

CVE-2026-2383

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS6AI score0.00045EPSS

Exploits0References1

EUVD•added 2026/02/27 9:30 a.m.•2 views

EUVD-2026-9017

6.4CVSS6AI score0.00045EPSS

Exploits0References5

NVD•added 2026/02/27 9:16 a.m.•3 views

CVE-2026-2383

6.4CVSS0.00045EPSS

Exploits0References4

Vulnrichment•added 2026/02/27 8:24 a.m.•1 views

CVE-2026-2383 Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

6.4CVSS5.9AI score0.00045EPSS

Exploits0References4

CNNVD•added 2026/02/27 12:0 a.m.•3 views

WordPress plugin Simple Download Monitor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00045EPSS

Exploits0References5

Positive Technologies•added 2026/02/27 12:0 a.m.•2 views

PT-2026-22319

6.4CVSS6AI score0.00045EPSS

Exploits0References5

Patchstack•added 2026/02/26 11:43 p.m.•4 views

WordPress Simple Download Monitor plugin <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Field vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Download Monitor versions = 4.0.5...

6.4CVSS5.3AI score0.00045EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-26811

Malware in sbrugna...

6.1CVSS5.5AI score0.00278EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-16997

Malware in sbrugna...

5.4CVSS5.4AI score0.00415EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-16998

Malware in sbrugna...

5.4CVSS5.4AI score0.00415EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-11609

Malware in sbrugna...

6.1CVSS6.1AI score0.0021EPSS

Exploits2References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-26812

Malware in sbrugna...

8.8CVSS6.4AI score0.00747EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2025-26079

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00048EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-3858

Malicious code in bioql PyPI...

7.6CVSS8.9AI score0.00058EPSS

Exploits0References1

RedhatCVE•added 2025/08/30 6:20 p.m.•1 views

CVE-2025-58197

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mra13 Simple Download Monitor simple-download-monitor allows Stored XSS.This issue affects Simple Download Monitor: from n/a through = 3.9.34...

6.5CVSS5.9AI score0.00047EPSS

Exploits0References1

Vulnrichment•added 2025/08/28 4:24 a.m.•2 views

CVE-2025-8977 Simple Download Monitor <= 3.9.33 - Simple Download Monitor <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality

The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS7.6AI score0.00048EPSS

Exploits0References4

Patchstack•added 2025/08/28 12:8 a.m.•6 views

WordPress Simple Download Monitor plugin <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality vulnerability

Authenticated Contributor+ SQL Injection via order parameter in Log Export functionality vulnerability discovered by dutafi in WordPress Plugin Simple Download Monitor versions = 3.9.33...

6.5CVSS7.9AI score0.00048EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/08/28 12:0 a.m.•2 views

PT-2025-34965

Name of the Vulnerable Software and Affected Versions: Simple Download Monitor plugin for WordPress versions through 3.9.33 Description: The Simple Download Monitor plugin for WordPress is susceptible to time-based SQL Injection via the order parameter. Insufficient escaping of user-supplied inpu...

6.5CVSS6.8AI score0.00048EPSS

Exploits0References9

CNNVD•added 2025/08/28 12:0 a.m.•1 views

WordPress plugin Simple Download Monitor SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

6.5CVSS7.7AI score0.00048EPSS

Exploits0References5

Patchstack•added 2025/08/27 7:1 p.m.•3 views

WordPress Simple Download Monitor Plugin <= 3.9.34 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Simple Download Monitor versions = 3.9.34...

6.5CVSS6.1AI score0.00047EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by