Simple Download Monitor Security Vulnerabilities and Issues — Simple Download Monitor CVE List

Lucene search

Tipsandtricks-hqSimple Download Monitor

3 matches found

CVE•added 2022/03/14 3:15 p.m.•68 views

CVE-2021-24692

The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.

6.5CVSS6.4AI score0.00703EPSS

CVE•added 2022/01/24 8:15 a.m.•46 views

CVE-2021-24696

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image ...

8.8CVSS8.4AI score0.00109EPSS

CVE•added 2022/01/24 8:15 a.m.•45 views

CVE-2021-24694

The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "placeholder" argument of sdm_search_form shortcode.

5.4CVSS5.2AI score0.0018EPSS