The Simple Download Monitor plugin for WordPress, in versions prior to 3.5.4, is vulnerable to cross-site scripting (XSS) via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
Vulnerable Product |
---|
simple download monitor project simple download monitor 3.5.4 |