CVE-2021-24697

CVE-2021-24697: Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting

Vendor Unknown

Product Simple Download Monitor

Weakness CWE-79 · XSS

Published November 8, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

Key dates

02Disclosure timeline

November 8, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24697

Related vulnerabilities

04Related CVE

CVE-2025-14200 alokjaiswal Hotel-Management-services-using-MYSQL-and-php Request Pending usersub.php cross site scripting CVE-2026-1905 Sphere Manager <= 1.0.2 - Authenticated (Contributor+) Cross-Site Scripting via 'width' Shortcode Attribute CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius CVE-2025-52896 Frappe authenticated XSS via data import CVE-2025-47518 WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.3.4 - Cross Site Scripting (XSS) Vulnerability