Lucene search
K

4 matches found

OSV
OSV
added 2021/11/08 6:15 p.m.3 views

CVE-2021-24693

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...

9CVSS5.9AI score0.01241EPSS
Exploits2References1
NVD
NVD
added 2021/11/08 6:15 p.m.17 views

CVE-2021-24693

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...

9CVSS0.01241EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/11/08 5:35 p.m.18 views

CVE-2021-24693 Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...

8.2AI score0.01241EPSS
Exploits2References1
CVE
CVE
added 2021/11/08 5:35 p.m.62 views

CVE-2021-24693

The CVE pertains to WordPress Simple Download Monitor plugin versions before 3.9.5. The vulnerability is a Stored Cross-Site Scripting (XSS) in the File Thumbnail post meta output, exploitable by users with as little as Contributor role. The underlying issue is lack of escaping the File Thumbnail...

9CVSS8.3AI score0.01241EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder