Lucene search
K

166 matches found

Patchstack
Patchstack
added 2026/03/27 11:21 a.m.5 views

WordPress Simple Download Counter plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Simple Download Counter versions = 2.3...

6.4CVSS5.9AI score0.00239EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/26 6:30 a.m.4 views

EUVD-2026-16098

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...

6.4CVSS6AI score0.00239EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/03/26 3:37 a.m.3 views

CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...

6.4CVSS6AI score0.00239EPSS
Exploits0References10
CVE
CVE
added 2026/03/26 3:37 a.m.6 views

CVE-2026-4278

The CVE-2026-4278 entry concerns the WordPress plugin Simple Download Counter, vulnerable to Stored Cross-Site Scripting via the sdc_menu shortcode in versions up to 2.3. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically text...

6.4CVSS6AI score0.00239EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/03/26 3:37 a.m.37 views

CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdcmenu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...

6.4CVSS0.00239EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28200

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' a...

6.4CVSS6AI score0.00239EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

WordPress plugin Simple Download Counter 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.6 views

CVE-2026-2383

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 9:30 a.m.5 views

EUVD-2026-9017

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS6AI score0.00197EPSS
Exploits0References5
NVD
NVD
added 2026/02/27 9:16 a.m.6 views

CVE-2026-2383

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS0.00197EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 8:24 a.m.3 views

CVE-2026-2383 Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

WordPress plugin Simple Download Monitor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.5 views

PT-2026-22319

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS6AI score0.00197EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/26 11:43 p.m.8 views

WordPress Simple Download Monitor plugin <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Field vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Download Monitor versions = 4.0.5...

6.4CVSS5.3AI score0.00197EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.5 views

CVE-2023-4838

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible...

6.4CVSS5AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 3:40 a.m.21 views

CVE-2025-13677

The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...

4.9CVSS5.8AI score0.00439EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/10 7:58 a.m.12 views

WordPress Simple Download Counter plugin <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal vulnerability

Authenticated Administrator+ Arbitrary File Read via Path Traversal vulnerability discovered by ChamlaVic in WordPress Plugin Simple Download Counter versions = 2.2.2...

4.9CVSS6.8AI score0.00439EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/10 3:23 a.m.5 views

EUVD-2025-202392

The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...

4.9CVSS5.4AI score0.00439EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/10 3:23 a.m.22 views

CVE-2025-13677 Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal

The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the simpledownloadcounterparsepath function. This makes it possible for authenticated attackers, with Administrator-level...

4.9CVSS0.00439EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.3 views

WordPress plugin Simple Download Counter 路径遍历漏洞

...

4.9CVSS5.8AI score0.00439EPSS
Exploits0References4
Rows per page
Query Builder