Security Advisory

CVE-2021-24696

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-24 08:00:48

Last updated 2024-08-03 19:42:16

Assigner WPScan

State PUBLISHED

Description

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads

← Browse all CVEs View on cve.org ↗