Description
WordPress Plugin Simple Download Button Shortcode is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Simple Download Button Shortcode version 1.0 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.1 or latest
References
Related Vulnerabilities
WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.3)
WordPress Plugin JupiterX Core Privilege Escalation (2.0.7)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477)
WordPress Plugin Simply Instagram Cross-Site Scripting (1.2.6)