CVE-2021-24696
Simple Download Monitor < 3.9.9 - Multiple CSRF
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads
El plugin Simple Download Monitor de WordPress versiones anteriores a 3.9.9, no aplica las comprobaciones de nonce, lo que podría permitir a atacantes llevar a cabo ataques de tipo CSRF para 1) hacer que los administradores exporten los registros para explotar una vulnerabilidad de divulgación de registros independiente (corregida en versión 3.9.6), 2) eliminar los registros (corregida en versión 3.9.9), 3) eliminar la imagen en miniatura de las descargas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-14 CVE Reserved
- 2021-12-21 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/e94772af-39ac-4743-a556-52351ebda9fe | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tipsandtricks-hq Search vendor "Tipsandtricks-hq" | Simple Download Monitor Search vendor "Tipsandtricks-hq" for product "Simple Download Monitor" | < 3.9.9 Search vendor "Tipsandtricks-hq" for product "Simple Download Monitor" and version " < 3.9.9" | wordpress |
Affected
| ||||||