2 matches found
CVE-2018-5213
The vulnerability CVE-2018-5213 affects the WordPress Simple Download Monitor plugin prior to 3.5.4, where the sdm_upload (Downloadable File) parameter in an edit action to wp-admin/post.php can be exploited for XSS. Reports across NVD, CVE entries, and vendor databases consistently describe an a...
CVE-2018-5212
The CVE-2018-5212 entry applies to the WordPress Simple Download Monitor plugin prior to 3.5.4. The vulnerability is a stored/reflected XSS via the sdm_upload_thumbnail (File Thumbnail) parameter in an edit action to wp-admin/post.php. Affected versions are plugin versions less than 3.5.4; the is...