{"id":"CVE-2018-5213","details":"The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.","modified":"2026-03-14T09:29:52.542016Z","published":"2018-01-04T18:29:00.307Z","references":[{"type":"WEB","url":"https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/"},{"type":"FIX","url":"https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805"},{"type":"EVIDENCE","url":"https://github.com/Arsenal21/simple-download-monitor/issues/27"},{"type":"EVIDENCE","url":"https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/arsenal21/simple-download-monitor","events":[{"introduced":"0"},{"fixed":"8ab8b9166bc87feba26a1573cf595af48eff7805"}]},{"type":"GIT","repo":"https://github.com/arsenal21/simple-download-monitor","events":[{"introduced":"0"},{"fixed":"8ab8b9166bc87feba26a1573cf595af48eff7805"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.5.4"}]},{"events":[{"introduced":"0"},{"fixed":"3.5.4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5213.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}