CVE-2025-1730

by Fred · 01/03/2025

The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the ‘simple_download_counter_download_handler’. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including any local file on the server, such as wp-config.php or /etc/passwd.

Assigner : [email protected]

More information : https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.0/inc/functions-core.php#L328

CVE-2025-1730

Similar

Recent Posts

Categories

CVE-2025-1730

Share this:

Similar

Recent Posts

Categories

Tags