CVE-2021-24696

Simple Download Monitor < 3.9.9 - Multiple CSRF

EPSS 0.6%CWE-352

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 jan 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads

Produtos afetados

Unknown · Simple Download Monitor

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/e94772af-39ac-4743-a556-52351ebda9fe