CVE-2021-24693

9.0 CRITICAL

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in the Simple Download Monitor WordPress plugin lets any user with the Contributor role or higher inject JavaScript through the 'File Thumbnail' field of a download item. The payload is stored with the download and fires in the browser of whoever views it, including an Editor or Administrator reviewing a submission that is still pending review, so a Contributor who cannot publish anything can still reach privileged sessions and act with their permissions. WordPress sites running an affected plugin version are vulnerable.

💻 Affected Systems

Products:
  • Simple Download Monitor WordPress Plugin
Versions: All versions before 3.9.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with plugin enabled and at least one user with Contributor role or higher.

📦 What is this software?

Simple Download Monitor is a WordPress plugin for offering files for download: each download is a post-like item with a title, the file, a thumbnail image and a description, placed on pages via shortcode, with the plugin tracking download counts. Download items go through the normal WordPress editorial flow, which is why a Contributor's submission ends up in front of a reviewer.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers ride a hijacked admin session to create rogue admin accounts, install malicious plugins or themes (PHP execution as the web server user), take full control of the WordPress site, and potentially pivot to the rest of the web server.

🟠 Likely Case

WordPress sets its auth cookies HttpOnly, so the realistic path is not reading the cookie but driving the victim's browser: the script issues authenticated, nonce-bearing requests on the admin's behalf to modify site content, redirect visitors to malicious sites, or install backdoors.

🟢 If Mitigated

With the plugin patched, or Contributor-level users prevented from creating download items, impact is limited to what the Contributor role already allows: drafting content that an Editor must approve before it is published.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an account with Contributor-level access (the lowest role that can create its own posts). The payload executes in the browser of anyone who opens the affected download, including the edit or preview screen of an item still pending review, so the attacker does not need the download to be published or to have any capability beyond saving the field.
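To make the bug class concrete, the following added example (not the plugin's code; its template and the actual patch are not reproduced here) models a File Thumbnail value being written into an <img src> attribute, first unescaped and then with URL validation plus attribute escaping, the Python analogues of WordPress's esc_url() and esc_attr(). The payload strings, the class name download-thumbnail and the helper names are constructed for the illustration. A small HTML parser shows which attributes a browser would actually see in each case:

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed inputs: what a Contributor might save in the File Thumbnail field.
BENIGN_THUMBNAIL = "https://example.com/wp-content/uploads/2021/09/thumb.png"
BREAKOUT_PAYLOAD = 'x" onerror="alert(document.domain)'              # closes src="..." and adds a handler
SCHEME_PAYLOAD = "javascript:alert(document.domain)"                  # needs no quote, abuses the scheme
QUOTED_URL_PAYLOAD = 'https://example.com/a.png" onerror="alert(1)'  # valid-looking URL with a breakout


def render_thumbnail_vulnerable(thumbnail):
    """Bug class modelled here: the stored value is concatenated into an attribute unescaped."""
    return '<img class="download-thumbnail" src="%s">' % thumbnail


def sanitize_thumbnail_url(value):
    """Accept only absolute http(s) URLs with a host; rejects javascript:, data: and junk.
    Stand-in for WordPress esc_url(); hypothetical helper, not the plugin's own code."""
    parts = urlsplit(value.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return value.strip()


def render_thumbnail_hardened(thumbnail):
    """Fix class: validate as a URL at output time, then attribute-escape (esc_attr() in WordPress)."""
    url = sanitize_thumbnail_url(thumbnail)
    if url is None:
        return ""  # render nothing rather than an attacker-controlled attribute
    return '<img class="download-thumbnail" src="%s">' % html.escape(url, quote=True)


class _ImgAttributes(HTMLParser):
    """Collects the attributes of the first <img> tag, i.e. what a browser would parse."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "img" and self.attrs is None:
            self.attrs = dict(attrs)


def img_attributes(markup):
    """Return the parsed attribute dict of the rendered <img>, {} if none was rendered."""
    parser = _ImgAttributes()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def demo():
    cases = [("benign", BENIGN_THUMBNAIL), ("breakout", BREAKOUT_PAYLOAD),
             ("scheme", SCHEME_PAYLOAD), ("quoted-url", QUOTED_URL_PAYLOAD)]
    for name, value in cases:
        print(f"{name:10} vulnerable: {img_attributes(render_thumbnail_vulnerable(value))}")
        print(f"{name:10} hardened:   {img_attributes(render_thumbnail_hardened(value))}")


if __name__ == "__main__":
    demo()
```

The quoted-URL case is the one worth studying: it passes URL validation, so escaping alone is what keeps the quote inside the src value instead of letting it open an onerror attribute. Validation alone would stop the javascript: case but not this one, which is why the fix needs both steps.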

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.9.5

Vendor Advisory: https://wpscan.com/vulnerability/4bb559b7-8dde-4c90-a9a6-d8dcfbea53a7

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Simple Download Monitor.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.9.5 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Remove Contributor Access (all versions)

Temporarily downgrade Contributor users (for example to Subscriber) or otherwise prevent them from creating or editing download items until the plugin is updated.

Disable Plugin (all versions)

Deactivate Simple Download Monitor until it can be updated to 3.9.5 or later.

🧯 If You Can't Patch

  • Content Security Policy (CSP): a policy that forbids inline scripts and inline event handlers blocks this payload, but wp-admin relies heavily on inline scripts, so roll out a nonce- or hash-based policy in report-only mode first. A CSP applied only to the public front end does not protect the reviewer who opens the item in the admin.
  • WAF rules: block or flag requests to wp-admin/post.php whose File Thumbnail value is anything other than an http(s) image URL (quotes, angle brackets, on*= handlers, javascript: or data: schemes). Regex filters are bypassable; treat this as a detection aid, not a fix.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Simple Download Monitor version number

Check Version:

wp plugin list --name='simple-download-monitor' --field=version

Verify Fix Applied:

Confirm plugin version is 3.9.5 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Download items created or edited by Contributor-level users whose File Thumbnail value is not a plain image URL
  • Rows in the wp_postmeta table (meta_key sdm_upload_thumbnail, the key named for the File Thumbnail field) whose meta_value contains quotes, angle brackets, on*= handlers, or a javascript: or data: scheme

Network Indicators:

  • Unexpected inline scripts or event handlers in HTTP responses for download pages and for the download edit/preview screens in wp-admin

SIEM Query:

source="wordpress.log" AND "post_meta" AND ("File Thumbnail" OR "sdm_upload_thumbnail") AND javascript_patterns

WordPress core does not log post meta changes by default, so this query presumes an audit-log plugin (or database query logging) feeding the wordpress.log source; javascript_patterns is a placeholder for your SIEM's regex match on <script, on\w+= and javascript:. Querying wp_postmeta directly is the more reliable check.
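The most dependable hunt is the database itself: pull every sdm_upload_thumbnail row and flag values that do not look like an image URL. The following added example (not from the page or the plugin) does that over constructed wp_postmeta rows and can also parse the tab-separated output of `wp db query`; it assumes the default wp_ table prefix, WP-CLI on PATH for the live path, and that legitimate thumbnails are http(s) URLs or site-relative paths. The sample rows, the sample WP-CLI output and the function names are constructed for the illustration:

```python
import re
import subprocess

THUMBNAIL_META_KEY = "sdm_upload_thumbnail"  # meta key named in the advisory
POSTMETA_TABLE = "wp_postmeta"               # assumption: default wp_ prefix

# Constructed wp_postmeta rows: (post_id, meta_key, meta_value). 102, 103 and 105 are planted payloads.
SAMPLE_ROWS = [
    (101, "sdm_upload_thumbnail", "https://example.com/wp-content/uploads/2021/09/thumb.png"),
    (102, "sdm_upload_thumbnail", 'x" onerror="alert(document.domain)'),
    (103, "sdm_upload_thumbnail", "javascript:alert(1)"),
    (104, "sdm_upload", "https://example.com/wp-content/uploads/2021/09/report.zip"),
    (105, "sdm_upload_thumbnail", "https://example.com/t.png?x=<svg/onload=alert(1)>"),
]

# Constructed `wp db query` output: mysql prints a header line, then tab-separated rows.
SAMPLE_WP_DB_OUTPUT = (
    "post_id\tmeta_key\tmeta_value\n"
    "101\tsdm_upload_thumbnail\thttps://example.com/thumb.png\n"
    '102\tsdm_upload_thumbnail\tx" onerror="alert(1)\n'
)

# A legitimate thumbnail is a plain http(s) URL or site-relative path without markup metacharacters.
_ALLOWED_PREFIXES = ("http://", "https://", "/")
_SUSPICIOUS = re.compile(r"""["'<>]|\bon\w+\s*=|javascript:|data:""", re.IGNORECASE)


def thumbnail_findings(value):
    """Reasons a stored thumbnail value looks injected; an empty list means it looks like a normal URL.
    A query parameter literally named on=... would be a false positive; review hits by hand."""
    v = value.strip()
    reasons = []
    if not v.lower().startswith(_ALLOWED_PREFIXES):
        reasons.append("not an http(s) URL or site-relative path")
    m = _SUSPICIOUS.search(v)
    if m:
        reasons.append(f"markup metacharacter or handler: {m.group(0)!r}")
    return reasons


def scan_rows(rows):
    """Return [(post_id, meta_value, reasons)] for thumbnail rows that fail the checks."""
    hits = []
    for post_id, meta_key, meta_value in rows:
        if meta_key != THUMBNAIL_META_KEY:
            continue  # other plugin keys (e.g. the file URL) are out of scope here
        reasons = thumbnail_findings(meta_value)
        if reasons:
            hits.append((post_id, meta_value, reasons))
    return hits


def parse_wp_db_query_output(text):
    """Parse header-first, tab-separated `wp db query` output into (post_id, meta_key, meta_value)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    rows = []
    for ln in lines[1:]:  # skip the header line
        post_id, meta_key, meta_value = ln.split("\t", 2)
        rows.append((int(post_id), meta_key, meta_value))
    return rows


def live_rows(wp_path=None):
    """Pull the real rows through WP-CLI (assumes wp on PATH; pass wp_path for the site root)."""
    sql = (f"SELECT post_id, meta_key, meta_value FROM {POSTMETA_TABLE} "
           f"WHERE meta_key = '{THUMBNAIL_META_KEY}'")
    cmd = ["wp", "db", "query", sql]
    if wp_path:
        cmd.append(f"--path={wp_path}")
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_wp_db_query_output(out)


if __name__ == "__main__":
    for post_id, value, reasons in scan_rows(SAMPLE_ROWS):
        print(f"post {post_id}: {value!r} -> {'; '.join(reasons)}")
```

Every hit should be triaged against wp_posts (post_author and post_status) to see which account saved it and whether the item was still pending review, which is the scenario this advisory describes. Note that mysql escapes embedded tabs and newlines in values as \t and \n in this output mode, so a payload spread over several lines still arrives as a single row.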

🔗 References

  • WPScan advisory: https://wpscan.com/vulnerability/4bb559b7-8dde-4c90-a9a6-d8dcfbea53a7
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-24693