CVE-2025-13677
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | simple_download_counter | up to and including 2.2.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated administrators to read arbitrary files on the server, potentially exposing sensitive information such as database credentials. This exposure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information. Therefore, exploitation of this vulnerability may result in unauthorized disclosure of sensitive data, impacting compliance with these standards. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation requires an authenticated attacker with Administrator-level access to the path traversal issue in the Simple Download Counter plugin (versions up to 2.2.2), so the first check is on the accounts themselves: review who holds the Administrator role and whether any of those logins or recent admin actions are unexpected. On the request side, the plugin serves downloads through a custom post type and its admin interface, so detection means looking for requests to the plugin's download functionality whose path or file parameter contains traversal sequences such as `../`, including URL-encoded (`..%2F`, `%2e%2e%2f`) and double-encoded (`%252e%252e%252f`) variants that a naive search for the literal `../` would miss. The available resources provide no specific commands or detection scripts. In practice this means searching web server access logs, or feeding them to an intrusion detection system or WAF, for those patterns in requests targeting the plugin's download URLs, and then checking whether a matching request actually returned a file (a 200 response of a plausible size) rather than an error.
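The script below is an added illustration of the log-based detection described above; it is not part of the advisory, the plugin, or any vendor resource. It parses constructed Apache-style access-log lines, percent-decodes each path and query value until stable (so `..%2F` and `%252e%252e%252f` are normalised to `../`), and reports every request carrying a traversal segment, flagging those that hit the download feature. The endpoint pattern `ENDPOINT_RE` (any target containing `download`) and the request targets in the sample log are assumptions, since the plugin's real route is not given on this page; replace the pattern with the actual URL or parameter name once you have identified it.

```python
"""Detect path-traversal attempts against a download endpoint in access logs.

Added illustration; not part of the advisory or of the Simple Download Counter
plugin. The log lines below are constructed, and ENDPOINT_RE is an assumption.
"""
import re
import urllib.parse
from typing import Dict, List, Optional

# Apache/nginx "combined"-style request line; only the fields we need are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# A ".." segment bounded by separators or string ends; "archive..tar" does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')

# Assumption: requests to the plugin's download feature contain "download" in the
# target. Replace with the real route or parameter name for your deployment.
ENDPOINT_RE = re.compile(r'download', re.IGNORECASE)

# Constructed sample log (RFC 5737 documentation addresses, hypothetical URLs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2025:10:00:01 +0000] "GET /downloads/report.pdf HTTP/1.1" 200 5120
203.0.113.9 - - [10/Dec/2025:10:00:07 +0000] "GET /wp-admin/admin.php?page=download&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 2811
203.0.113.9 - - [10/Dec/2025:10:00:12 +0000] "GET /wp-admin/admin.php?page=download&file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1324
198.51.100.2 - - [10/Dec/2025:10:01:30 +0000] "GET /images/../../etc/passwd HTTP/1.1" 404 210
203.0.113.5 - - [10/Dec/2025:10:02:00 +0000] "GET /wp-admin/admin.php?page=download&file=archive..tar HTTP/1.1" 200 9000
"""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded traversal is normalised."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_evidence(target: str) -> Optional[str]:
    """Return the decoded path or query value that carries a traversal segment."""
    parts = urllib.parse.urlsplit(target)
    components = [decode_fully(parts.path)]
    components += [decode_fully(v) for _, v in
                   urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    for component in components:
        if TRAVERSAL_RE.search(component):
            return component
    return None


def scan(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per request line that contains a traversal segment."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        evidence = traversal_evidence(m.group("target"))
        if evidence is None:
            continue
        findings.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "status": int(m.group("status")),
            "target": m.group("target"),
            "evidence": evidence,
            # Traversal elsewhere is still worth a look, but this flag isolates
            # requests aimed at the download feature the advisory concerns.
            "on_download_endpoint": bool(ENDPOINT_RE.search(m.group("target"))),
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} "
              f"endpoint={f['on_download_endpoint']} evidence={f['evidence']!r}")
```

A matching request with a 200 status from an account that holds the Administrator role is the signal to treat as a likely exploitation; the 404 on `/images/../../etc/passwd` in the sample is a generic probe, not this plugin. For a quick first pass without the script, `grep -Ei '(\.\./|\.\.%2f|%2e%2e)' access.log` finds the same encodings, but it will not catch double-encoded input.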
Can you explain this vulnerability to me?
The vulnerability is a Path Traversal issue in the Simple Download Counter plugin for WordPress (up to version 2.2.2). It occurs because the plugin's function simple_download_counter_parse_path() does not properly validate file paths. This allows authenticated users with Administrator-level access or higher to read arbitrary files on the server, potentially exposing sensitive information like database credentials or system files.
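The plugin's source is not reproduced on this page, so the following is a hypothetical Python illustration, added here and not the plugin's code, of the flaw class CWE-22 names and of one correct fix. `parse_path_unsafe` joins user input onto a base directory without checking where the result lands, which is the general shape of a path-parsing routine that "does not properly validate file paths"; `parse_path_safe` canonicalises with `realpath` and then verifies the result is still inside the base directory, which also defeats absolute paths, symlinks and embedded NUL bytes. `run_checks` builds a throwaway directory tree (constructed sample, with a stand-in `wp-config.php`) to show both behaviours.

```python
"""Vulnerable vs. hardened path resolution for a file-download handler.

Hypothetical Python illustration added here; it is not the Simple Download
Counter plugin's code and does not claim to mirror
simple_download_counter_parse_path(). It shows the CWE-22 pattern and a fix:
canonicalise, then verify the result is still under the base directory.
"""
import os
import tempfile
from typing import Dict, Optional


def parse_path_unsafe(base_dir: str, requested: str) -> str:
    # Joins and normalises but never checks containment, so "../" escapes
    # base_dir and an absolute `requested` simply replaces it.
    return os.path.normpath(os.path.join(base_dir, requested))


def parse_path_safe(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical file path, or None if it would leave base_dir."""
    if "\x00" in requested:           # NUL truncates the path in C-level APIs
        return None
    real_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(real_base, requested))
    try:
        # commonpath compares whole segments, so a base of "/x/dl" does not
        # accept "/x/dl_evil/f" the way a plain string-prefix check would.
        if os.path.commonpath([real_base, candidate]) != real_base:
            return None
    except ValueError:                # different drives on Windows: not inside
        return None
    return candidate


def run_checks() -> Dict[str, Optional[bool]]:
    """Exercise both resolvers on a throwaway directory tree (constructed)."""
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "downloads")
        os.mkdir(downloads)
        with open(os.path.join(downloads, "report.pdf"), "w") as fh:
            fh.write("constructed sample file\n")
        config = os.path.join(root, "wp-config.php")   # stand-in for the secret
        with open(config, "w") as fh:
            fh.write("<?php define('DB_PASSWORD', 'constructed');\n")
        real_downloads = os.path.realpath(downloads)

        def inside(path: str) -> bool:
            return os.path.commonpath(
                [real_downloads, os.path.realpath(path)]) == real_downloads

        leaked = parse_path_unsafe(downloads, "../wp-config.php")
        link = os.path.join(downloads, "cfg-link")
        try:
            os.symlink(config, link)
            symlink_blocked = parse_path_safe(downloads, "cfg-link") is None
        except OSError:               # symlinks unavailable on this platform
            symlink_blocked = None

        return {
            "unsafe_escapes": os.path.isfile(leaked) and not inside(leaked),
            "safe_allows_legit": parse_path_safe(downloads, "report.pdf")
                                 == os.path.join(real_downloads, "report.pdf"),
            "safe_blocks_traversal": parse_path_safe(downloads, "../wp-config.php") is None,
            "safe_blocks_absolute": parse_path_safe(downloads, config) is None,
            "safe_blocks_nul": parse_path_safe(downloads, "report.pdf\x00") is None,
            "safe_blocks_symlink": symlink_blocked,
        }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {ok}")
```

The order matters: resolving symlinks before the containment check is what makes the `cfg-link` case fail closed, and checking containment on the resolved path rather than on the raw input is what makes encoded or mixed-separator variants irrelevant, since they have all been reduced to a concrete filesystem location by the time the comparison runs.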
How can this vulnerability impact me?
If exploited, this vulnerability allows attackers with Administrator-level access to read any file on the server. This could lead to exposure of sensitive data such as database credentials (e.g., wp-config.php) or other critical system files, which could compromise the security and integrity of the website and server.
What immediate steps should I take to mitigate this vulnerability?
Update the Simple Download Counter plugin to a version later than 2.2.2 as soon as one is available. Until then, disable the plugin, or at least restrict the Administrator role to trusted accounts, since exploitation requires an administrator session. Continue to use the plugin with caution, including on multi-site installations, where the vendor has disabled remote file downloads. Review the plugin's readme.txt for warnings and follow any vendor recommendations.