CVE-2021-24695: Simple Download Monitor < 3.9.6 - Unauthenticated Log Access
First published: Mon Nov 08 2021(Updated: )
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tipsandtricks-hq Simple Download Monitor | <3.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the Simple Download Monitor WordPress plugin vulnerability?
The vulnerability ID is CVE-2021-24695.
What is the severity of CVE-2021-24695?
The severity of CVE-2021-24695 is high with a CVSS score of 7.5.
How does CVE-2021-24695 impact the Simple Download Monitor WordPress plugin?
CVE-2021-24695 allows unauthenticated users to download and read logs containing sensitive information such as IP addresses and usernames.
Which version of the Simple Download Monitor WordPress plugin is affected by CVE-2021-24695?
The Simple Download Monitor WordPress plugin versions up to but excluding 3.9.6 are affected by CVE-2021-24695.
How can I fix the vulnerability CVE-2021-24695 in the Simple Download Monitor WordPress plugin?
To fix CVE-2021-24695, update the Simple Download Monitor plugin to version 3.9.6 or higher.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/tipsandtricks-hq
- canonical/tipsandtricks-hq simple download monitor