
CVE-2025-24663 – WordPress Simple Download Monitor plugin <= 3.9.25 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-24663
24 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a through 3.9.25. The Simple Download Monitor plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.9.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This... • https://patchstack.com/database/wordpress/plugin/simple-download-monitor/vulnerability/wordpress-simple-download-monitor-plugin-3-9-25-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-30501 – WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30501
08 Jan 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.9.4. The Download Monitor plugin for WordPress is vulnerable to SQL Injection via the 'limit' parameter in all versions ... • https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-theme-4-9-4-admin-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2018-5212 – Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5212
02 Jan 2018 — The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. • https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-5213 – Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5213
02 Jan 2018 — The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. • https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •