WordPress Simple CSV Table plugin <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read vulnerability

Directory Traversal to Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Ivan Cese in WordPress Plugin Simple CSV Table versions = 1.0.1...

CVE-2025-12960 Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

CVE-2025-12960 Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

EUVD-2025-203062

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

WordPress plugin Simple CSV Table 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path traversal...