PT-2025-34965 · WordPress · Simple Download Monitor
Author: Đức Tài
Published: 2025-08-28 · Updated: 2025-08-28
CVE-2025-8977 · CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Simple Download Monitor plugin for WordPress versions through 3.9.33
Description: The Simple Download Monitor plugin for WordPress is susceptible to time-based SQL Injection via the order parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow authenticated attackers with Contributor-level access or higher (with permissions granted by an Administrator) to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.
Recommendations: Update the Simple Download Monitor plugin to a version beyond 3.9.33.
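To make the defect class in the description concrete, the following is an added illustration written for this page (hypothetical code, not Simple Download Monitor's own): a query whose ORDER BY clause is built from the raw order parameter, beside a hardened version that maps the parameter onto an allowlist. It assumes the WordPress $wpdb API; the post type and function names are assumptions. The key point is that $wpdb->prepare() placeholders bind literals only, so identifiers and the ASC/DESC keyword cannot be parameterized and must be validated instead.

```php
<?php
// Added illustration, not the plugin's code. Assumes WordPress $wpdb;
// 'example_download' is a hypothetical post type.

// VULNERABLE PATTERN: the sort direction is spliced into the statement.
// esc_sql() only escapes quotes and backslashes, which does not help here:
// ORDER BY takes a keyword, not a quoted string, so no quote is needed to
// turn the parameter into additional SQL.
function example_list_downloads_vulnerable( $order ) {
    global $wpdb;
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}"
         . " WHERE post_type = 'example_download'"
         . " ORDER BY post_date " . esc_sql( $order );
    return $wpdb->get_results( $sql );
}

// HARDENED PATTERN: prepare() cannot bind identifiers or ASC/DESC, so the
// user-supplied values select from a fixed allowlist and anything else
// falls back to a safe default. Only the literal is bound with a placeholder.
function example_list_downloads_hardened( $orderby, $order ) {
    global $wpdb;

    // Request value -> real column; unknown keys never reach the query.
    $allowed_columns = array(
        'date'  => 'post_date',
        'title' => 'post_title',
    );
    $column = isset( $allowed_columns[ $orderby ] )
        ? $allowed_columns[ $orderby ]
        : 'post_date';

    // Direction is reduced to one of two constants before use.
    $direction = ( 'ASC' === strtoupper( (string) $order ) ) ? 'ASC' : 'DESC';

    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}"
        . " WHERE post_type = %s ORDER BY {$column} {$direction}",
        'example_download'
    );
    return $wpdb->get_results( $sql );
}
```

A request handler that exposes either function should additionally check the caller's capability with current_user_can() and verify a nonce, since the advisory notes that Contributor-level access is enough to reach the vulnerable parameter.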

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2025-8977

Affected Products: Simple Download Monitor