Description
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25
Scores
CVSS v3
7.5
EPSS
0.0163
EPSS Percentile
73.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-425
Status
published
Products (1)
tipsandtricks-hq/simple_download_monitor
< 3.9.5
Published
Nov 08, 2021
Tracked Since
Feb 18, 2026