WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Simple Download Monitor <= 3.5.3 - Authenticated Cross-Site Scripting (XSS)

Description

The Simple Download Monitor WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

simple-download-monitor
Fixed in version 3.5.4

References

CVE
CVE-2018-5212
CVE
CVE-2018-5213
URL
https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805
URL
https://github.com/Arsenal21/simple-download-monitor/issues/27
URL
https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
36285336-ad31-4e22-a9a6-ae55c5852d6e

Timeline

Publicly Published

2018-01-02 (about 4 years ago)

Added

2018-01-09 (about 4 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin