Description
WordPress Plugin Simple Download Button Shortcode is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Simple Download Button Shortcode version 1.0 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.1 or latest
References
Related Vulnerabilities
IBM WebSEAL Missing Authorization Vulnerability (CVE-2020-4499)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459)
Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4729)
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)