CVE-2021-24694 – Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes
https://notcve.org/view.php?id=CVE-2021-24694
The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via 1) the "color" or "css_class" argument of the sdm_download shortcode, 2) the "class" or "placeholder" argument of the sdm_search_form shortcode.
• https://wpscan.com/vulnerability/9d0d8f8c-f8fb-457f-b557-255a052ccc32
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24696 – Simple Download Monitor < 3.9.9 - Multiple CSRF
https://notcve.org/view.php?id=CVE-2021-24696
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove the thumbnail image from downloads.
• https://wpscan.com/vulnerability/e94772af-39ac-4743-a556-52351ebda9fe
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24698 – Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal
https://notcve.org/view.php?id=CVE-2021-24698
The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.
• https://wpscan.com/vulnerability/1fda1356-77d8-4e77-9ee6-8f9ceeb3d380
• CWE-284: Improper Access Control
CVE-2021-24695 – Simple Download Monitor < 3.9.6 - Unauthenticated Log Access
https://notcve.org/view.php?id=CVE-2021-24695
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs, which contain sensitive information such as IP addresses and usernames.
• https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-425: Direct Request ('Forced Browsing')
CVE-2021-24697 – Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24697
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.
• https://wpscan.com/vulnerability/ef9ae513-6c29-45c2-b5ae-4a06a217c499
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')