WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Back

Product: Simple Download Monitor
Description: Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Gen Sato (Mitsui Bussan Secure Directions) in WordPress Simple Download Monitor plugin (versions <= 3.8.8 ).
Solution: Update the WordPress Simple Download Monitor plugin to the latest available version (at least 3.8.9).
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References: Plugin changelog
Vulnerability details
CVE: Name CVE-2020-5650
Versions: Affected In <= 3.8.8
Fixed In 3.8.9
Disclosure date: 2020-10-21
Credits: Gen Sato (Mitsui Bussan Secure Directions)

ThreatPress