Description

WordPress Plugin Simple Download Monitor is prone to multiple vulnerabilities, including security bypass and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently remove thumbnails from downloads or reset the log entries, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Simple Download Monitor version 3.9.5.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.9.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:D7BDAF2B-CDD9-4AEE-B1BB-01728160FF25

https://sploitus.com/exploit?id=WPEX-ID:1FDA1356-77D8-4E77-9EE6-8F9CEEB3D380

https://sploitus.com/exploit?id=WPEX-ID:08F4C669-0000-4B17-B762-AE06F5D01538

https://plugins.svn.wordpress.org/simple-download-monitor/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin FV Flowplayer Video Player Multiple Vulnerabilities (7.3.14.727)

OpenSSL Other Vulnerability (CVE-2015-0208)

Oracle Application Server Other Vulnerability (CVE-2006-5360)

WordPress Plugin Easy Cookies Policy Cross-Site Scripting (1.6.2)

WordPress Plugin Request a Quote Cross-Site Scripting (2.3.4)

Severity

High

Classification

CVE-2021-24695 CVE-2021-24698 CWE-200 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update