Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tipsandtricks-hq simple download monitor vulnerabilities and exploits
(subscribe to this query)
9
CVSSv3
CVE-2021-24693
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is...
Tipsandtricks-hq Simple Download Monitor
5.4
CVSSv3
CVE-2021-24694
The Simple Download Monitor WordPress plugin prior to 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "place...
Tipsandtricks-hq Simple Download Monitor
8.8
CVSSv3
CVE-2021-24696
The Simple Download Monitor WordPress plugin prior to 3.9.9 does not enforce nonce checks, which could allow malicious users to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9),...
Tipsandtricks-hq Simple Download Monitor
6.5
CVSSv3
CVE-2021-24692
The Simple Download Monitor WordPress plugin prior to 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
Tipsandtricks-hq Simple Download Monitor
7.5
CVSSv3
CVE-2021-24695
The Simple Download Monitor WordPress plugin prior to 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses an...
Tipsandtricks-hq Simple Download Monitor
4.3
CVSSv3
CVE-2021-24698
The Simple Download Monitor WordPress plugin prior to 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.
Tipsandtricks-hq Simple Download Monitor
6.1
CVSSv3
CVE-2020-5650
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to inject an arbitrary script via unspecified vectors.
Tipsandtricks-hq Simple Download Monitor
8.8
CVSSv3
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to execute arbitrary SQL commands via a specially crafted URL.
Tipsandtricks-hq Simple Download Monitor
6.1
CVSSv3
CVE-2021-24697
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Tipsandtricks-hq Simple Download Monitor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started