CVE-2021-24696

Name of the Vulnerable Software and Affected Versions Simple Download Monitor WordPress plugin versions prior to 3.9.9

Description The issue allows attackers to perform CSRF attacks, potentially leading to several outcomes, including making admins export logs to exploit a separate log disclosure vulnerability, deleting logs, and removing thumbnail images from downloads. The log disclosure vulnerability was fixed in version 3.9.6.

Recommendations For versions prior to 3.9.9, update to version 3.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the log export and deletion functions until a patch is available. Avoid using the plugin's log management features until the issue is resolved.