PT-2021-16200 · WordPress · Simple Download Monitor

Apple502J · Published 2021-11-08 · Updated 2022-11-09 · CVE-2021-24695

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Simple Download Monitor WordPress plugin versions prior to 3.9.6

Description

The issue allows unauthenticated users to download and read logs containing sensitive information, such as IP addresses and usernames, due to the logs being saved in a predictable location without any authentication or authorization in place.

Recommendations

For versions prior to 3.9.6, update to version 3.9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to prevent unauthenticated users from downloading and reading them.

Related Identifiers

CVE-2021-24695

Affected Products

Simple Download Monitor