CVE-2021-24693 — Cross-site Scripting in Simple Download Monitor

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

9.0CRITICALNVD

EPSS

0.6%

top 29.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tipsandtricks-hq Simple Download Monitor

Timeline

PublishedNov 8

Latest updateMay 24

Description

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the Download is in a review state, contributor could make JavaScript code execute in a context of a reviewer such as admin and make them create a rogue admin account, or install a malicious plugin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

▶NVDtipsandtricks-hq/simple_download_monitor< 3.9.5

🔴Vulnerability Details

GHSA

GHSA-7pfq-9m7r-jmg6: The Simple Download Monitor WordPress plugin before 3↗2022-05-24

▶

CVEList

Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail↗2021-11-08

▶