Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple download monitor vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2021-24696
The Simple Download Monitor WordPress plugin prior to 3.9.9 does not enforce nonce checks, which could allow malicious users to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9),...
Tipsandtricks-hq Simple Download Monitor
6.8
CVSSv2
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to execute arbitrary SQL commands via a specially crafted URL.
Tipsandtricks-hq Simple Download Monitor
6
CVSSv2
CVE-2021-24693
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is...
Tipsandtricks-hq Simple Download Monitor
5
CVSSv2
CVE-2021-24695
The Simple Download Monitor WordPress plugin prior to 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses an...
Tipsandtricks-hq Simple Download Monitor
4.3
CVSSv2
CVE-2021-24697
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Tipsandtricks-hq Simple Download Monitor
4.3
CVSSv2
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Api Gateway 11.1.2.4.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Business Intelligence 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Business Intelligence 12.2.1.4.0
Oracle Enterprise Manager Base Platform 13.3.0.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager For Storage Management 13.4.0.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Mysql
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Oracle Essbase 21.2
5 Github repositories
1 Article
4.3
CVSSv2
CVE-2020-5650
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to inject an arbitrary script via unspecified vectors.
Tipsandtricks-hq Simple Download Monitor
4
CVSSv2
CVE-2021-24692
The Simple Download Monitor WordPress plugin prior to 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
Tipsandtricks-hq Simple Download Monitor
4
CVSSv2
CVE-2021-24698
The Simple Download Monitor WordPress plugin prior to 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.
Tipsandtricks-hq Simple Download Monitor
3.5
CVSSv2
CVE-2021-24694
The Simple Download Monitor WordPress plugin prior to 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "place...
Tipsandtricks-hq Simple Download Monitor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »