exploitDog

GHSA-58fg-5cpg-7jjv

Опубликовано: 25 янв. 2022

Источник: github

Github: Не прошло ревью

Описание

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads

Ссылки

EPSS

Процентиль: 30%

0.00109

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-24696

CVSS3: 8.8

nvd

около 4 лет назад

The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads

EPSS

Процентиль: 30%

0.00109

Низкий

CVE ID

Дефекты

CWE-352