CVE-2021-24695 Information

Description

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5