Description
WordPress Plugin Simple Download Monitor is prone to multiple vulnerabilities, including security bypass and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently remove thumbnails from downloads or reset the log entries, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Simple Download Monitor version 3.9.5.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.9.6 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:D7BDAF2B-CDD9-4AEE-B1BB-01728160FF25
https://sploitus.com/exploit?id=WPEX-ID:1FDA1356-77D8-4E77-9EE6-8F9CEEB3D380
https://sploitus.com/exploit?id=WPEX-ID:08F4C669-0000-4B17-B762-AE06F5D01538
https://plugins.svn.wordpress.org/simple-download-monitor/trunk/readme.txt