WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.9.5.1)

Description

WordPress Plugin Simple Download Monitor is prone to multiple vulnerabilities, including security bypass and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently remove thumbnails from downloads or reset the log entries, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Simple Download Monitor version 3.9.5.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.9.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:D7BDAF2B-CDD9-4AEE-B1BB-01728160FF25

https://sploitus.com/exploit?id=WPEX-ID:1FDA1356-77D8-4E77-9EE6-8F9CEEB3D380

https://sploitus.com/exploit?id=WPEX-ID:08F4C669-0000-4B17-B762-AE06F5D01538

https://plugins.svn.wordpress.org/simple-download-monitor/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Admin renamer extended Cross-Site Request Forgery (3.2.1)

WordPress Plugin WP-Members Membership Unspecified Vulnerability (3.1.9.2)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4115)

WordPress Plugin WooCommerce-Store Toolkit Privilege Escalation (1.5.7)

WordPress Plugin Vertical News Scroller Cross-Site Scripting (1.9)

Severity

High

Classification

CVE-2021-24695 CVE-2021-24698 CWE-200 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags