CVE-2021-24698 : Security Advisory and Response
The Simple Download Monitor WordPress plugin before 3.9.6 allows Contributors to remove thumbnails, posing a security risk. Learn more about CVE-2021-24698.
The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.