WordPress Plugin Vulnerabilities

Simple Download Monitor <= 3.5.3 - Authenticated Cross-Site Scripting (XSS)

Description

The Simple Download Monitor WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
simple-download-monitor
Fixed in 3.5.4

References

CVE
CVE-2018-5212
CVE
CVE-2018-5213
URL
https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805
URL
https://github.com/Arsenal21/simple-download-monitor/issues/27
URL
https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
36285336-ad31-4e22-a9a6-ae55c5852d6e

Timeline

Publicly Published
2018-01-02 (about 8 years ago)
Added
2018-01-09 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-24
Title
Zoho Creator Forms <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-01-22
Title
PDF Generator For Fluent Forms < 1.1.8 - Cross-Site Scripting
Published
2025-02-22
Title
Greenshift < 10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-15
Title
WP Responsive Tabs < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-10-25
Title
EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting