CVE-2021-24695

HIGH

Simple Download Monitor <3.9.6 - Info Disclosure

Title source: llm

Description

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25

Scores

CVSS v3 7.5

EPSS 0.0134

EPSS Percentile 80.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-425

Status published

Products (1)

tipsandtricks-hq/simple_download_monitor < 3.9.5

Published Nov 08, 2021

Tracked Since Feb 18, 2026