CVE-2021-24698

CVE-2021-24698: Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal

Vendor Unknown

Product Simple Download Monitor

Weakness CWE-284

Published November 8, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.

Key dates

02Disclosure timeline

November 8, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24698 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2024-0551 Download and export of file via default user role CVE-2024-33027 Improper Access Control in Graphics Linux CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability CVE-2026-24039 Horilla's Improper Access Control Allows Employees to Auto-Approve Documents CVE-2026-3110 Multiple vulnerabilities on the Educativa Campus