The Simple Download Monitor WordPress plugin prior to 3.9.9 does not enforce nonce checks, which could allow malicious users to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tipsandtricks-hq simple download monitor |