First published: Mon Nov 08 2021
The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tipsandtricks-hq Simple Download Monitor | <3.9.6 | |
The vulnerability ID is CVE-2021-24698.
The severity of CVE-2021-24698 is medium with a score of 4.3.
The affected software is the Simple Download Monitor WordPress plugin, versions before 3.9.6.
CVE-2021-24698 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own.
To fix CVE-2021-24698, update the Simple Download Monitor plugin to version 3.9.6 or higher.