WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.9.5.1) - Vulnerability Database

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.9.5.1)

Description

WordPress Plugin Simple Download Monitor is prone to multiple vulnerabilities, including security bypass and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently remove thumbnails from downloads or reset the log entries, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Simple Download Monitor version 3.9.5.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.9.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:D7BDAF2B-CDD9-4AEE-B1BB-01728160FF25

https://sploitus.com/exploit?id=WPEX-ID:1FDA1356-77D8-4E77-9EE6-8F9CEEB3D380

https://sploitus.com/exploit?id=WPEX-ID:08F4C669-0000-4B17-B762-AE06F5D01538

https://plugins.svn.wordpress.org/simple-download-monitor/trunk/readme.txt

Related Vulnerabilities

Severity

High

Classification

CVE-2021-24695

CVE-2021-24698

CWE-200

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N