ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Simple Download Monitor Plugin <= 3.2.8 - Insufficient Authorisation

Product
Simple Download Monitor
Description
Because of this vulnerability, any user can access the "sdm_tiny_get_post_ids" action which will return a JSON encoded list of all "post_id"and "post_title" that were uploaded with this plugin.
Solution
Upgrade the plugin.
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Pritect
CVE
Name CVE-N/A
Versions
Affected In <= 3.2.8
Fixed In 3.2.9
Disclosure date
2016-01-19
Credits
James Golovich