PT-2025-34965 · WordPress · Simple Download Monitor
Đức Tài
·
Publicado
2025-08-28
·
Atualizado
2025-08-28
·
CVE-2025-8977
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Simple Download Monitor plugin for WordPress versions through 3.9.33
Description:
The Simple Download Monitor plugin for WordPress is susceptible to time-based SQL Injection via the
order parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow authenticated attackers with Contributor-level access or higher (with permissions granted by an Administrator) to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.Recommendations:
Update the Simple Download Monitor plugin to a version beyond 3.9.33.
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Simple Download Monitor