18 matches found
WordPress Simple Downloads List plugin unauthorized data modification vulnerability
WordPress Simple Downloads List plugin is a plugin for managing file downloads that allows users to create and manage file download lists on their website. An unauthorized data modification vulnerability exists in the WordPress Simple Downloads List plugin, which can be exploited by attackers to...
WordPress Simple Downloads List plugin <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Simple Downloads List versions <= 1.4.3...
CVE-2025-12583
The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, wi...
EUVD-2025-38343
The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, wi...
CVE-2025-12583
The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, wi...
CVE-2025-12583
The WordPress Simple Downloads List plugin (versions ≤ 1.4.3) is affected by a missing capability check on the wp_ajax_neofix_sdl_edit endpoint (and other endpoints), enabling authenticated attackers with Subscriber-level access or higher to modify plugin data/settings and inject malicious script...
CVE-2025-12583 Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, wi...
CVE-2025-12583 Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, wi...
WordPress plugin Simple Downloads List security vulnerability
WordPress Simple Downloads List plugin is a plugin for managing file downloads that allows users to create and manage file download lists on their website. An unauthorized data modification vulnerability exists in the WordPress Simple Downloads List plugin, which can be exploited by attackers to...
PT-2025-45541
Name of the Vulnerable Software and Affected Versions: Simple Downloads List plugin for WordPress versions up to and including 1.4.3 Description: The Simple Downloads List plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the wp ajax...
CVE-2024-13594
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofixsdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress Simple Downloads List plugin <= 1.4.2 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Downloads List versions <= 1.4.2...
CVE-2024-13594
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofixsdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13594
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofixsdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13594 Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofixsdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13594 Simple Downloads List <= 1.4.2 - Authenticated (Contributor+) SQL Injection
The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofixsdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress plugin Simple Downloads List SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...
PT-2025-2227 · WordPress · Simple Downloads List
Name of the Vulnerable Software and Affected Versions: Simple Downloads List plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns a SQL injection vulnerability via the category attribute of the neofix sdl shortcode. This vulnerability is due to insufficient...