{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12583", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-31T21:49:34.280Z", "datePublished": "2025-11-08T02:28:03.760Z", "dateUpdated": "2026-04-08T17:23:39.130Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:23:39.130Z"}, "affected": [{"vendor": "neofix", "product": "Simple Downloads List", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to alter many of the plugin's settings/downloads and inject malicious web scripts."}], "title": "Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbee3d3b-383b-48f5-be63-61cd692a18a0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-downloads-list/tags/1.5.0/admin/adminpanel_v3.php?rev=3388438"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/simple-downloads-list/tags/1.4.3&new_path=/simple-downloads-list/tags/1.5.0&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Md. Moniruzzaman Prodhan"}], "timeline": [{"time": "2025-11-01T01:47:48.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-07T14:19:32.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-10T20:16:23.479306Z", "id": "CVE-2025-12583", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T20:17:37.487Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-10T20:16:23.479306Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T20:17:32.061Z"}}], "cna": {"title": "Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Md. Moniruzzaman Prodhan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "neofix", "product": "Simple Downloads List", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.4.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-01T01:47:48.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-07T14:19:32.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbee3d3b-383b-48f5-be63-61cd692a18a0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-downloads-list/tags/1.5.0/admin/adminpanel_v3.php?rev=3388438"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/simple-downloads-list/tags/1.4.3&new_path=/simple-downloads-list/tags/1.5.0&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to alter many of the plugin's settings/downloads and inject malicious web scripts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:23:39.130Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12583", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:23:39.130Z", "dateReserved": "2025-10-31T21:49:34.280Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-08T02:28:03.760Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to alter many of the plugin's settings/downloads and inject malicious web scripts."}], "id": "CVE-2025-12583", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-08T03:15:36.350", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/simple-downloads-list/tags/1.5.0/admin/adminpanel_v3.php?rev=3388438"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?old_path=/simple-downloads-list/tags/1.4.3&new_path=/simple-downloads-list/tags/1.5.0&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbee3d3b-383b-48f5-be63-61cd692a18a0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:48:28.888140+00:00", "value": {"mitigation_remediation": ["Upgrade the Simple Downloads List plugin to version 1.5.0 or later, which adds the missing capability checks and XSS safeguards.", "Disable or remove the Simple Downloads List plugin if an upgrade cannot be performed immediately to eliminate the attack surface.", "Trim Subscriber or higher role permissions so that those users cannot access the wp_ajax_neofix_sdl_edit endpoint, for example by using a role\u2011management plug\u2011in to restrict Ajax capabilities."], "summary": {"action": "Apply Patch", "impact": "Unauthorized modification and stored XSS via AJAX endpoint"}, "threat_synthesis": {"affected_systems": "Simple Downloads List plugin for WordPress, versions up to and including 1.4.3. Affected users are those logged in with Subscriber or higher roles; plugin administrators and higher privileged accounts are also able to exploit the endpoint. The vulnerability resides in the plugin\u2019s backend admin panel and its AJAX handling code.", "description_and_impact": "The Simple Downloads List plugin for WordPress lacks a capability check on the wp_ajax_neofix_sdl_edit AJAX endpoint and several others, enabling authenticated users with Subscriber level or higher to alter plugin settings and downloads. By sending crafted requests, an attacker can inject malicious scripts that are stored and executed on the site, potentially leading to defacement, data tampering, or further compromise. This flaw is classified as missing authorization (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 6.4 denotes moderate severity. The EPSS score of less than 1% indicates a very low probability of being exploited in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector requires the attacker to be authenticated and to have at least Subscriber access, then to invoke the vulnerable AJAX endpoint from a browser or HTTP client. Successful exploitation permits unauthorized configuration changes and stored cross\u2011site scripting on the site. The combination of moderate impact and low exploitation likelihood suggests close monitoring but prioritizes remediation if the site\u2019s audience includes vulnerable users."}}}}, "created": "2025-11-10T09:33:35.557430+00:00", "updated": "2026-04-21T02:00:12.281898+00:00", "vendors": ["neofix", "neofix$PRODUCT$simple_downloads_list", "wordpress", "wordpress$PRODUCT$wordpress"]}