exploitDog

CVE-2021-24695

Опубликовано: 08 нояб. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

Ссылки

https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tipsandtricks-hq:simple_download_monitor:*:*:*:*:*:wordpress:*:*

Версия до 3.9.5 (исключая)

EPSS

Процентиль: 80%

0.01339

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-425

CWE-425

Связанные уязвимости

GHSA-vh6h-77mp-jg82

CVSS3: 7.5

github

больше 3 лет назад

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

EPSS

Процентиль: 80%

0.01339

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-425

CWE-425