WordPress Simple Download Monitor plugin <= 3.8.8 - SQL Injection (SQLi) vulnerability

Back

Product: Simple Download Monitor
Description: SQL Injection (SQLi) vulnerability found by Gen Sato (Mitsui Bussan Secure Directions) in WordPress Simple Download Monitor plugin (versions <= 3.8.8).
Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.8.9).
Classification: Type SQL Injection
OWASP Top 10 A1: Injection
References: Vulnerability details
Plugin changelog
CVE: Name CVE-2020-5651
Versions: Affected In <= 3.8.8
Fixed In 3.8.9
Disclosure date: 2020-10-21
Credits: Gen Sato (Mitsui Bussan Secure Directions)

ThreatPress