CVE-2021-24697 is a medium-severity vulnerability affecting the Simple Download Monitor WordPress plugin in versions prior to 3.9.5. The plugin did not properly escape certain user-supplied parameters before rendering them in its output, which allowed reflected cross-site scripting (XSS). The parameters in question are the sdm_active_tab GET parameter and the sdm_stats_start_date/sdm_stats_end_date POST parameters.
The vulnerability carries a CVSS score of 6.1, indicating a medium level of severity. The risk to organizations includes potential unauthorized access to sensitive information through XSS, which could lead to session hijacking or the execution of malicious scripts in the context of the user's session.
As of now, there are no known exploits publicly available for this vulnerability, and it is not included in the Known Exploited Vulnerabilities (KEV) catalog. However, organizations should remain vigilant as the absence of known exploits does not eliminate the possibility of exploitation by malicious actors.
Organizations using the Simple Download Monitor plugin are advised to prioritize patching this vulnerability immediately to safeguard against potential attacks.
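To make the escaping defect concrete, here is an added illustrative PHP sketch of the pattern the advisory describes: a tab switcher driven by the sdm_active_tab GET parameter and a stats form that echoes the sdm_stats_start_date/sdm_stats_end_date POST values, first unescaped and then with WordPress escaping and sanitization helpers applied. This is not the plugin's own code (the page does not show it); the function names, the admin page slug and the tab names are placeholders, and the specific helpers used in the 3.9.5 fix are an assumption.

```php
<?php
// Added illustrative example; not code from the Simple Download Monitor plugin.
// Vulnerable pattern: request values are concatenated into HTML and attribute
// context without escaping, so whatever a crafted link or form post carries in
// these parameters is reflected verbatim into the page of the user who loads it.
function sdm_render_stats_form_vulnerable() {
    $tab   = isset( $_GET['sdm_active_tab'] ) ? $_GET['sdm_active_tab'] : 'general';
    $start = isset( $_POST['sdm_stats_start_date'] ) ? $_POST['sdm_stats_start_date'] : '';
    $end   = isset( $_POST['sdm_stats_end_date'] ) ? $_POST['sdm_stats_end_date'] : '';

    echo '<a href="?page=sdm-settings&sdm_active_tab=' . $tab . '">' . $tab . '</a>';
    echo '<input type="text" name="sdm_stats_start_date" value="' . $start . '">';
    echo '<input type="text" name="sdm_stats_end_date" value="' . $end . '">';
}

// Hardened form (assumed; the advisory only says 3.9.5 "properly escapes").
// Two layers:
//  1. sanitize on input: restrict the tab to a known list and the dates to the
//     YYYY-MM-DD shape a stats date filter expects;
//  2. escape on output for the context: esc_attr() inside attribute values,
//     esc_html() in element text, esc_url() for the href.
function sdm_render_stats_form_fixed() {
    $allowed_tabs = array( 'general', 'stats' ); // placeholder tab names
    $tab = isset( $_GET['sdm_active_tab'] ) ? sanitize_key( wp_unslash( $_GET['sdm_active_tab'] ) ) : 'general';
    if ( ! in_array( $tab, $allowed_tabs, true ) ) {
        $tab = 'general';
    }

    $start = isset( $_POST['sdm_stats_start_date'] ) ? sanitize_text_field( wp_unslash( $_POST['sdm_stats_start_date'] ) ) : '';
    $end   = isset( $_POST['sdm_stats_end_date'] ) ? sanitize_text_field( wp_unslash( $_POST['sdm_stats_end_date'] ) ) : '';
    $date_re = '/^\d{4}-\d{2}-\d{2}$/';
    if ( ! preg_match( $date_re, $start ) ) { $start = ''; }
    if ( ! preg_match( $date_re, $end ) )   { $end = ''; }

    // 'sdm-settings' is a placeholder admin page slug.
    $href = add_query_arg( array( 'page' => 'sdm-settings', 'sdm_active_tab' => $tab ), admin_url( 'admin.php' ) );
    echo '<a href="' . esc_url( $href ) . '">' . esc_html( $tab ) . '</a>';
    echo '<input type="text" name="sdm_stats_start_date" value="' . esc_attr( $start ) . '">';
    echo '<input type="text" name="sdm_stats_end_date" value="' . esc_attr( $end ) . '">';
}
```

The allow-list on the tab value and the date-shape check are defence in depth; the context-appropriate output escaping is what actually closes the reflected XSS.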
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.