Description

WordPress Plugin Simple Download Monitor is prone to multiple vulnerabilities, including security bypass and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to perform otherwise restricted actions and subsequently delete thumbnail images or download files without entering a password, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Simple Download Monitor version 3.2.8 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.2.9 or latest

References

http://www.pritect.net/blog/simple-download-monitor-3-2-8-security-vulnerability

https://wordpress.org/plugins/simple-download-monitor/changelog/

Related Vulnerabilities

Apache HTTP Server CVE-2013-1862 Vulnerability (CVE-2013-1862)

WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (3.5.7.1)

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Security Bypass (1.0.27)

WordPress Plugin link-list-manager Cross-Site Scripting (1.0)

WordPress Plugin Feedify Remote Code Execution (2.0.0)

Severity

High

Classification

CWE-200 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update