CVE-2021-24695

Summary

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

Affected Software

VendorProductVersion RangeStatus
UnknownSimple Download Monitor3.9.6 < 3.9.6affected

Weaknesses

  • CWE-425: CWE-425 Direct Request ('Forced Browsing')

ADP Enrichment

CVE Program Container

Additional References

References