Tipsandtricks-hq Simple Download Monitor — known CVE vulnerabilities
Every CVE whose affected-product data names Tipsandtricks-hq Simple Download Monitor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-24693 — CVSS 9.0 (critical): The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some…
CVE-2020-5651 — CVSS 8.8 (high): SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a…
CVE-2021-24696 — CVSS 8.8 (high): The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF…
CVE-2021-24695 — CVSS 7.5 (high): The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or…
CVE-2021-24692 — CVSS 6.5 (medium): The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web…
CVE-2021-24697 — CVSS 6.1 (medium): The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sd…
CVE-2020-5650 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via…
CVE-2021-24694 — CVSS 5.4 (medium): The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site…
CVE-2021-24698 — CVSS 4.3 (medium): The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from…