4 matches found
CVE-2021-24693
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...
CVE-2021-24693
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...
CVE-2021-24693 Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...
CVE-2021-24693
The CVE pertains to WordPress Simple Download Monitor plugin versions before 3.9.5. The vulnerability is a Stored Cross-Site Scripting (XSS) in the File Thumbnail post meta output, exploitable by users with as little as Contributor role. The underlying issue is lack of escaping the File Thumbnail...