Description
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove the thumbnail image from downloads.
Software
Not provided
Software type
Plugin
CVE
CVE-2021-24696
Tags
Not provided
Publication date
24/01/2022
Last updated
08/12/2024
CVSS 3.0 score
8.8
High