Search criteria
5 vulnerabilities found for Simple Download Monitor by Tips and Tricks HQ
CVE-2020-5651 (GCVE-0-2020-5651)
Vulnerability from cvelistv5 – Published: 2020-10-21 15:15 – Updated: 2024-08-04 08:39
VLAI?
Summary
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.
Severity ?
No CVSS data available.
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tips and Tricks HQ | Simple Download Monitor |
Affected:
3.8.8 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Download Monitor",
"vendor": "Tips and Tricks HQ",
"versions": [
{
"status": "affected",
"version": "3.8.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T15:15:18",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Download Monitor",
"version": {
"version_data": [
{
"version_value": "3.8.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Tips and Tricks HQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/simple-download-monitor/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"name": "https://jvn.jp/en/jp/JVN31425618/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5651",
"datePublished": "2020-10-21T15:15:18",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5650 (GCVE-0-2020-5650)
Vulnerability from cvelistv5 – Published: 2020-10-21 15:15 – Updated: 2024-08-04 08:39
VLAI?
Summary
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tips and Tricks HQ | Simple Download Monitor |
Affected:
3.8.8 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Download Monitor",
"vendor": "Tips and Tricks HQ",
"versions": [
{
"status": "affected",
"version": "3.8.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T15:15:17",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Download Monitor",
"version": {
"version_data": [
{
"version_value": "3.8.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Tips and Tricks HQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/simple-download-monitor/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"name": "https://jvn.jp/en/jp/JVN31425618/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5650",
"datePublished": "2020-10-21T15:15:17",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5651 (GCVE-0-2020-5651)
Vulnerability from nvd – Published: 2020-10-21 15:15 – Updated: 2024-08-04 08:39
VLAI?
Summary
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.
Severity ?
No CVSS data available.
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tips and Tricks HQ | Simple Download Monitor |
Affected:
3.8.8 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Download Monitor",
"vendor": "Tips and Tricks HQ",
"versions": [
{
"status": "affected",
"version": "3.8.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T15:15:18",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Download Monitor",
"version": {
"version_data": [
{
"version_value": "3.8.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Tips and Tricks HQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/simple-download-monitor/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"name": "https://jvn.jp/en/jp/JVN31425618/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5651",
"datePublished": "2020-10-21T15:15:18",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5650 (GCVE-0-2020-5650)
Vulnerability from nvd – Published: 2020-10-21 15:15 – Updated: 2024-08-04 08:39
VLAI?
Summary
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tips and Tricks HQ | Simple Download Monitor |
Affected:
3.8.8 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple Download Monitor",
"vendor": "Tips and Tricks HQ",
"versions": [
{
"status": "affected",
"version": "3.8.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T15:15:17",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Download Monitor",
"version": {
"version_data": [
{
"version_value": "3.8.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Tips and Tricks HQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/simple-download-monitor/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/simple-download-monitor/"
},
{
"name": "https://jvn.jp/en/jp/JVN31425618/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN31425618/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5650",
"datePublished": "2020-10-21T15:15:17",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2020-000069
Vulnerability from jvndb - Published: 2020-10-21 14:50 - Updated:2020-10-21 14:50
Severity ?
Summary
Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"
Details
WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2020-5650
* SQL Injection (CWE-89) - CVE-2020-5651
Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own.
After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000069.html",
"dc:date": "2020-10-21T14:50+09:00",
"dcterms:issued": "2020-10-21T14:50+09:00",
"dcterms:modified": "2020-10-21T14:50+09:00",
"description": "WordPress Plugin \"Simple Download Monitor\" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below.\r\n* Cross-site Scripting (CWE-79) - CVE-2020-5650\r\n* SQL Injection (CWE-89) - CVE-2020-5651\r\n\r\nGen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own.\r\nAfter coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000069.html",
"sec:cpe": {
"#text": "cpe:/a:tips_and_tricks_hq:simple_download_monitor",
"@product": "Simple Download Monitor",
"@vendor": "Tips and Tricks HQ",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000069",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN31425618/index.html",
"@id": "JVN#31425618",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5650",
"@id": "CVE-2020-5650",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5651",
"@id": "CVE-2020-5651",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5650",
"@id": "CVE-2020-5650",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5651",
"@id": "CVE-2020-5651",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Multiple vulnerabilities in WordPress Plugin \"Simple Download Monitor\""
}