WordPress Plugin Vulnerabilities

Simple Download Monitor < 3.8.9 - Unauthenticated Cross-Site Scripting

Description

Gen Sato of Mitsui Bussan Secure Directions, discovered an unauthenticated Cross-Site Scripting issue

Affects Plugins

Plugin icon
simple-download-monitor
Fixed in 3.8.9

References

CVE
CVE-2020-5650
URL
https://jvn.jp/en/jp/JVN31425618/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Gen Sato of Mitsui Bussan Secure Directions
Verified
No
WPVDB ID
074133bc-69a8-4e48-9f45-d3b45a34a167

Timeline

Publicly Published
2020-10-21 (about 5 years ago)
Added
2020-10-21 (about 5 years ago)
Last Updated
2020-10-23 (about 5 years ago)

Other

Published
Title
Published
2025-06-03
Title
Revolution Video Player <= 2.9.2 - Reflected Cross-Site Scripting
Published
2025-03-19
Title
Off Page SEO <= 3.0.3 - Reflected Cross-Site Scripting
Published
2024-06-05
Title
kbucket < 4.1.5 - Reflected XSS
Published
2025-04-25
Title
Posts for Page <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-06-26
Title
Homey <= 2.4.5 - Reflected Cross-Site Scripting