Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple download monitor vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-5212
The Simple Download Monitor plugin prior to 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
Simple Download Monitor Project Simple Download Monitor 3.5.4
5.4
CVSSv3
CVE-2018-5213
The Simple Download Monitor plugin prior to 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
Simple Download Monitor Project Simple Download Monitor 3.5.4
6.5
CVSSv3
CVE-2021-24692
The Simple Download Monitor WordPress plugin prior to 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
Tipsandtricks-hq Simple Download Monitor
5.4
CVSSv3
CVE-2021-24694
The Simple Download Monitor WordPress plugin prior to 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "place...
Tipsandtricks-hq Simple Download Monitor
7.5
CVSSv3
CVE-2021-24695
The Simple Download Monitor WordPress plugin prior to 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses an...
Tipsandtricks-hq Simple Download Monitor
6.1
CVSSv3
CVE-2021-24697
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Tipsandtricks-hq Simple Download Monitor
6.1
CVSSv3
CVE-2020-5650
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to inject an arbitrary script via unspecified vectors.
Tipsandtricks-hq Simple Download Monitor
8.8
CVSSv3
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and previous versions allows remote malicious users to execute arbitrary SQL commands via a specially crafted URL.
Tipsandtricks-hq Simple Download Monitor
9
CVSSv3
CVE-2021-24693
The Simple Download Monitor WordPress plugin prior to 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is...
Tipsandtricks-hq Simple Download Monitor
4.3
CVSSv3
CVE-2021-24698
The Simple Download Monitor WordPress plugin prior to 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.
Tipsandtricks-hq Simple Download Monitor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »