First published: Mon Nov 08 2021(Updated: )
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tipsandtricks-hq Simple Download Monitor | <3.9.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-24697.
The affected software is the Simple Download Monitor WordPress plugin before version 3.9.5.
The severity of CVE-2021-24697 is medium with a CVSS score of 6.1.
The CWE category of this vulnerability is CWE-79 (Improper Neutralization of Input During Web Page Generation).
To fix this vulnerability, update the Simple Download Monitor WordPress plugin to version 3.9.5 or later.