The Simple Download Monitor... CVE-2021-24696

6.8 AV AC AU C I A
发布: 2022-01-24
修订: 2024-11-21

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有1条受影响产品信息