Vulnerabilities > Tipsandtricks HQ > Simple Download Monitor > High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-24	CVE-2021-24696	Unspecified vulnerability in Tipsandtricks-Hq Simple Download Monitor The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads network low complexity tipsandtricks-hq	8.8
2021-11-08	CVE-2021-24695	Unspecified vulnerability in Tipsandtricks-Hq Simple Download Monitor The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames network low complexity tipsandtricks-hq	7.5
2020-10-21	CVE-2020-5651	SQL Injection vulnerability in Tipsandtricks-Hq Simple Download Monitor SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. network low complexity tipsandtricks-hq CWE-89	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.