CVE-2021-24695

Published: Nov 8, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

Affected (1)

Products: Tipsandtricks Hq: Simple Download Monitor

Tipsandtricks Hq

1 product

Simple Download Monitor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tipsandtricks Hq Simple Download Monitor	Before 3.9.5

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (2)

https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.