CVE-2018-5212

Name of the Vulnerable Software and Affected Versions Simple Download Monitor plugin versions prior to 3.5.4

Description The issue allows for XSS via the sdm upload thumbnail parameter in an edit action to the "/wp-admin/post.php" endpoint. This affects the plugin's functionality related to file thumbnails.

Recommendations For versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the edit action in wp-admin/post.php to minimize the risk of exploitation. Avoid using the sdm upload thumbnail parameter in the affected endpoint until the issue is resolved.