3 matches found
CVE-2021-24697
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1 sdmactivetab GET parameter and 2 sdmstatsstartdate/sdmstatsenddate POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24697 Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1 sdmactivetab GET parameter and 2 sdmstatsstartdate/sdmstatsenddate POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24697
The CVE-2021-24697 entry concerns the WordPress Simple Download Monitor plugin prior to 3.9.5. The vulnerability is a reflected XSS caused by insufficient escaping of the sdm_active_tab (GET) and sdm_stats_start_date/sdm_stats_end_date (POST) parameters when echoed back in HTML attributes. Affect...