Simple Download Monitor

Vulnerabilities 24Slug simple-download-monitorLatest version 4.0.6WordPress.org →

Minimum safe version

4.0.6

Update to 4.0.6 or later to address 24 fixable vulnerabilities

Latest available4.0.6 ✓

N/A

2026-02-26< 4.0.6

Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

Wordfence CVE

Medium 6.5

2025-08-28< 3.9.34

Simple Download Monitor <= 3.9.33 - Simple Download Monitor <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality

EUVD Wordfence CVE

Medium 6.5

2025-08-27< 3.9.35

CVE-2025-58197

CVE Wordfence EUVD

High 7.6

2025-01-24< 3.9.26

CVE-2025-24663

CVE Patchstack Wordfence EUVD

N/A

< 3.2.9

Simple Download Monitor <= 3.2.8 - Insufficient Authorisation

WPScan

N/A

< 3.9.6

Simple Download Monitor < 3.9.6 - Unauthorised Log Reset

WPScan

N/A

2023-10-05< 3.9.6

WordPress Simple Download Monitor Plugin <= 3.9.5 is vulnerable to Broken Access Control

Patchstack

N/A

2023-10-05< 3.9.6

WordPress Simple Download Monitor Plugin <= 3.9.5 is vulnerable to Broken Access Control

Patchstack

N/A

2023-01-19< 3.2.9

WordPress Simple Download Monitor Plugin <= 3.2.8 is vulnerable to Bypass Vulnerability

Patchstack

N/A

2016-01-19< 3.2.9

Simple Download Monitor <= 3.2.8 - Missing Authorization

Wordfence

N/A

2021-10-05< 3.9.6

Simple Download Monitor <= 3.9.5 - Log Reset

Wordfence

N/A

2016-01-19< 3.2.9

WordPress Simple Download Monitor Plugin <= 3.2.8 - Insufficient Authorisation

Patchstack

N/A

2021-10-05< 3.9.6

WordPress Simple Download Monitor plugin <= 3.9.5 - Unauthorized Log Reset vulnerability

Patchstack

Medium 5.4

2023-01-09< 3.5.4

WordPress Simple Download Monitor Plugin <= 3.5.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack Patchstack CVE Wordfence WPScan

Medium 5.4

2023-01-09< 3.5.4

WordPress Simple Download Monitor Plugin <= 3.5.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack Patchstack CVE Wordfence

High 8.8

2023-10-21< 3.8.9

WordPress Simple Download Monitor Plugin <= 3.8.8 is vulnerable to SQL Injection

Patchstack CVE JVN Patchstack Wordfence

Medium 6.1

2023-10-21< 3.8.9

WordPress Simple Download Monitor Plugin <= 3.8.8 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE JVN Patchstack Wordfence WPScan WPScan

Medium 4.3

2021-11-08< 3.9.6

CVE-2021-24698

CVE Patchstack Wordfence WPScan

Medium 6.1

2023-10-05< 3.9.11

WordPress Simple Download Monitor Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Patchstack Wordfence WPScan

High 7.5

2023-10-05< 3.9.11

WordPress Simple Download Monitor Plugin <= 3.9.5.1 is vulnerable to Sensitive Data Exposure

Patchstack CVE Patchstack Wordfence WPScan

Critical 9.0

2023-10-05< 3.9.11

WordPress Simple Download Monitor Plugin <= 3.9.5.1 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Patchstack Wordfence WPScan

High 8.8

2023-12-21< 3.9.11

WordPress Simple Download Monitor Plugin <= 3.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack CVE Patchstack Wordfence WPScan

Medium 5.4

2023-12-21< 3.9.11

WordPress Simple Download Monitor Plugin <= 3.9.10 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Patchstack Wordfence WPScan

Medium 6.5

2022-03-14< 3.9.5

CVE-2021-24692

CVE Wordfence WPScan