CVE-2025-12960
Directory Traversal in Simple CSV Table Plugin Allows Arbitrary File Read
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | simple_csv_table | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Directory Traversal issue in the Simple CSV Table plugin for WordPress (versions up to 1.0.1). It occurs because the plugin does not properly validate the 'href' parameter in the [csv] shortcode before using it to build a file path. As a result, an authenticated user with Contributor-level access or higher can manipulate the path to read arbitrary files on the server.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can read sensitive files on the server, potentially exposing confidential information such as database credentials and authentication keys. This can lead to unauthorized access, data breaches, and compromise of the website's security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows authenticated attackers with Contributor-level access to read arbitrary files on the server, potentially exposing sensitive information such as database credentials and authentication keys. Such unauthorized disclosure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for usage of the [csv] shortcode with the 'href' parameter containing directory traversal patterns such as '../'. You can search WordPress posts or pages for shortcodes with suspicious 'href' values. Additionally, inspecting web server logs for requests that include the [csv] shortcode with 'href' parameters attempting to access files outside the uploads directory can help detect exploitation attempts. For example, you can use grep commands on your WordPress content database export or files to find such patterns. Example commands: 1) Search WordPress content files or exports for suspicious shortcode usage: grep -r '\[csv.*href=.*\.\./' /path/to/wordpress/wp-content/ 2) Check web server access logs for requests containing directory traversal attempts: grep '\[csv.*href=.*\.\./' /var/log/apache2/access.log 3) Use WP-CLI to search posts for suspicious shortcode usage: wp post list --field=ID | xargs -I % wp post get % --field=post_content | grep '\[csv.*href=.*\.\./' These commands help identify potential exploitation attempts or presence of malicious shortcode usage. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Simple CSV Table plugin to version 1.0.2 or later, which includes proper data sanitization and validation of the 'href' parameter to prevent directory traversal attacks. If updating is not immediately possible, restrict Contributor-level users from using the [csv] shortcode or disable the plugin temporarily. Additionally, review and sanitize any existing shortcodes using the 'href' parameter to ensure they do not contain directory traversal sequences. Applying principle of least privilege to user roles and monitoring for suspicious shortcode usage is also recommended. [1]