WordPress Simple Download Monitor Plugin <= 3.2.8 - Insufficient Authorisation
- Simple Download Monitor
- Because of this vulnerability, any user can access the "sdm_tiny_get_post_ids" action which will return a JSON encoded list of all "post_id"and "post_title" that were uploaded with this plugin.
- Upgrade the plugin.
OWASP Top 10 A2: Broken Authentication and Session Management
- Name CVE-N/A
Fixed In 3.2.9
- Disclosure date
- James Golovich