Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tipsandtricks-hq simple download monitor vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-5650
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to inject an arbitrary script via unspecified vectors.
Tipsandtricks-hq Simple Download Monitor
605
VMScore
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to execute arbitrary SQL commands via a specially crafted URL.
Tipsandtricks-hq Simple Download Monitor
356
VMScore
CVE-2021-24692
The Simple Download Monitor WordPress plugin prior to 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
Tipsandtricks-hq Simple Download Monitor
356
VMScore
CVE-2021-24698
The Simple Download Monitor WordPress plugin prior to 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.
Tipsandtricks-hq Simple Download Monitor
445
VMScore
CVE-2021-24695
The Simple Download Monitor WordPress plugin prior to 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses an...
Tipsandtricks-hq Simple Download Monitor
605
VMScore
CVE-2021-24696
The Simple Download Monitor WordPress plugin prior to 3.9.9 does not enforce nonce checks, which could allow malicious users to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9),...
Tipsandtricks-hq Simple Download Monitor
383
VMScore
CVE-2021-24697
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Tipsandtricks-hq Simple Download Monitor
534
VMScore
CVE-2021-24693
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is...
Tipsandtricks-hq Simple Download Monitor
312
VMScore
CVE-2021-24694
The Simple Download Monitor WordPress plugin prior to 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "place...
Tipsandtricks-hq Simple Download Monitor
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started