3 matches found
CVE-2025-1730
The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simpledownloadcounterdownloadhandler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data includi...
CVE-2025-1730 Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read
The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simpledownloadcounterdownloadhandler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data includi...
CVE-2025-1730
CVE-2025-1730 affects the WordPress Simple Download Counter plugin up to version 2.0, enabling an Arbitrary File Read via the simple_download_counter_download_handler. Exploitation requires authenticated access at Author level or higher; impact includes reading sensitive local files (e.g., wp-con...