CVE-2021-24693 – Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail
https://notcve.org/view.php?id=CVE-2021-24693
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given that the XSS is triggered even when the Download is in a review state, a contributor could make JavaScript code execute in the context of a reviewer such as an admin and make them create a rogue admin account or install a malicious plugin.
• https://wpscan.com/vulnerability/4bb559b7-8dde-4c90-a9a6-d8dcfbea53a7
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24692 – Simple Download Monitor < 3.9.5 - Contributor+ Arbitrary File Download via Path Traversal
https://notcve.org/view.php?id=CVE-2021-24692
The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
• https://wpscan.com/vulnerability/4c9fe97e-3d9b-4079-88d9-34e2d0605215
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5650 – Simple Download Monitor <= 3.8.8 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-5650
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
The Simple Download Monitor plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping on the User-Agent header. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
• https://jvn.jp/en/jp/JVN31425618/index.html
• https://wordpress.org/plugins/simple-download-monitor
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5651 – Simple Download Monitor <= 3.8.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.
The Simple Download Monitor plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 3.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database if an authenticated user clicks on a malicious URL.
• https://jvn.jp/en/jp/JVN31425618/index.html
• https://wordpress.org/plugins/simple-download-monitor
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-5212 – Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5212
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
• https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805
• https://github.com/Arsenal21/simple-download-monitor/issues/27
• https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md
• https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')