WordPress Plugin Vulnerabilities

Simple Download Monitor < 3.8.9 - SQL Injection

Description

Gen Sato of Mitsui Bussan Secure Directions, discovered an Authenticated (admin+) SQL Injection issue, which could result in an arbitrary SQL command executed if a user accesses a specially crafted URL while logged in.

Affects Plugins

simple-download-monitor

Fixed in version 3.8.9

References

CVE

CVE-2020-5651

URL

https://jvn.jp/en/jp/JVN31425618/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Gen Sato of Mitsui Bussan Secure Directions

Verified

WPVDB ID

a0d71b73-05ce-44bb-8902-cedcd743a9ff

Timeline

Publicly Published

2020-10-21 (about 2 years ago)

Added

2020-10-21 (about 2 years ago)

Last Updated

2020-10-23 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin