High severity8.8NVD Advisory· Published Jan 24, 2022· Updated Jun 17, 2026
CVE-2021-24696
CVE-2021-24696
Description
The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.9.9
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/e94772af-39ac-4743-a556-52351ebda9fenvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.