{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1730", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-26T21:33:20.142Z", "datePublished": "2025-03-01T06:39:28.498Z", "dateUpdated": "2026-04-08T17:24:57.673Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:57.673Z"}, "affected": [{"vendor": "specialk", "product": "Simple Download Counter", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including any local file on the server, such as wp-config.php or /etc/passwd."}], "title": "Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0eafb20-4ef2-448b-9da7-ad8aa9e45215?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.0/inc/functions-core.php#L328"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.0/inc/functions-core.php#L354"}, {"url": "https://plugins.trac.wordpress.org/changeset/3247987/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-73 External Control of File Name or Path", "cweId": "CWE-73", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Emil"}], "timeline": [{"time": "2025-02-28T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-03T20:53:26.527364Z", "id": "CVE-2025-1730", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T20:57:03.920Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1730", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-26T21:33:20.142Z", "datePublished": "2025-03-01T06:39:28.498Z", "dateUpdated": "2025-03-03T20:57:03.920Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-01T06:39:28.498Z"}, "affected": [{"vendor": "specialk", "product": "Simple Download Counter", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including any local file on the server, such as wp-config.php or /etc/passwd."}], "title": "Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0eafb20-4ef2-448b-9da7-ad8aa9e45215?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.0/inc/functions-core.php#L328"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.0/inc/functions-core.php#L354"}, {"url": "https://plugins.trac.wordpress.org/changeset/3247987/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-73 External Control of File Name or Path", "cweId": "CWE-73", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Emil"}], "timeline": [{"time": "2025-02-28T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1730", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-03T20:53:26.527364Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T20:53:27.809Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including any local file on the server, such as wp-config.php or /etc/passwd."}, {"lang": "es", "value": "El complemento Simple Download Counter para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 2.0 incluida a trav\u00e9s del 'simple_download_counter_download_handler'. Esto permite que atacantes autenticados, con acceso de nivel de autor o superior, extraigan datos confidenciales, incluido cualquier archivo local en el servidor, como wp-config.php o /etc/passwd."}], "id": "CVE-2025-1730", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-01T07:15:11.380", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.0/inc/functions-core.php#L328"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.0/inc/functions-core.php#L354"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3247987/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0eafb20-4ef2-448b-9da7-ad8aa9e45215?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T02:01:06.186393+00:00", "value": {"mitigation_remediation": ["Update the Simple Download Counter plugin to the latest available version to eliminate the flaw.", "If an update cannot be applied immediately, deactivate the plugin to prevent access to the vulnerable handler until a patch is available.", "Review and restrict user roles: remove or downgrade any Author or higher level accounts that are not required for downloading functionality to limit the set of users who can trigger the read operation."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the specialk Simple Download Counter WordPress plugin in all releases up to and including version 2.0. Users running any earlier release of this plugin are at risk; newer versions after 2.0 are not known to be affected.", "description_and_impact": "The Simple Download Counter plugin for WordPress contains an arbitrary file read flaw in the simple_download_counter_download_handler routine. Attackers who possess Author level access or higher can request a file path and read any local file on the server, including sensitive configuration files such as wp-config.php or system files like /etc/passwd. This flaw exposes confidential data.", "risk_and_exploitability": "The flaw has a CVSS score of 6.5, indicating moderate severity. The EPSS score is less than 1%, implying a low likelihood of widespread exploitation, and it is not listed in the CISA KEV catalog. The likely attack vector is an authenticated web request routed to the download handler, which requires Author or higher privileges. Once authenticated, the attacker can supply a file path parameter to read arbitrary files on the server."}}}}, "created": "2025-07-12T22:09:32.854468+00:00", "updated": "2026-04-22T02:15:05.407196+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}