Simple Download Monitor WordPress Plugin Vulnerability: SQLi < v3.8.9

The Simple Download Monitor plugin for WordPress allows websites to manage and track digital downloads.

If you are using the Simple download Monitor plugin less than v3.8.9 (all versions prior are affected) it’s recommended you update immediately.

The vulnerability allows remote attackers to execute SQL commands.

This alert is now listed as CVE-2020-5651 in the Mitre CVE Database.

Fortunately this attack is unlikely to be executed by bot nets due to the vulnerability being executed only when a user is logged in.

However, you should still update to the latest version 3.8.9 to ensure your websites security.

Be sure to use our Free WordPress Theme, Plugin and Security Scanner to check your website for security issues.

Leave a Reply