CVE-2025-13677
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: Wordfence

Description
The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the `simple_download_counter_parse_path()` function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which may contain sensitive information such as database credentials (wp-config.php) or system files. Please note that the vendor opted to continue to allow remote file downloads from arbitrary locations on the server, however, has disabled this functionality on multi-sites and provided a warning to site owners in the readme.txt when they install the plugin. While not an optimal patch, we have considered this sufficient and recommend users proceed to use the plugin with caution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13677
EUVD
EUVD-2025-202392
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress simple_download_counter 2.2.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows authenticated administrators to read arbitrary files on the server, potentially exposing sensitive information such as database credentials. This exposure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information. Therefore, exploitation of this vulnerability may result in unauthorized disclosure of sensitive data, impacting compliance with these standards. [3]

Detection Guidance

This vulnerability requires an authenticated attacker with Administrator-level access to exploit the path traversal issue in the Simple Download Counter plugin (versions up to 2.2.2). Detection on a network or system would involve monitoring for suspicious authenticated requests to the plugin's file download functionality that attempt to access arbitrary files via path traversal sequences (e.g., '../'). Since the plugin manages downloads via a custom post type and admin interface, detection could include auditing admin actions or HTTP requests targeting download URLs with unusual path patterns. Specific commands are not provided in the available resources. However, general detection could involve using web server logs or intrusion detection systems to search for requests containing path traversal patterns targeting the plugin's download endpoints. For example, using grep on web server logs to find '../' sequences in URLs related to the plugin's download paths might help identify exploitation attempts. No explicit commands or detection scripts are provided in the resources.

Executive Summary

The vulnerability is a Path Traversal issue in the Simple Download Counter plugin for WordPress (up to version 2.2.2). It occurs because the plugin's function simple_download_counter_parse_path() does not properly validate file paths. This allows authenticated users with Administrator-level access or higher to read arbitrary files on the server, potentially exposing sensitive information like database credentials or system files.

Impact Analysis

If exploited, this vulnerability allows attackers with Administrator-level access to read any file on the server. This could lead to exposure of sensitive data such as database credentials (e.g., wp-config.php) or other critical system files, which could compromise the security and integrity of the website and server.

Mitigation Strategies

To mitigate this vulnerability, you should update the Simple Download Counter plugin to a version later than 2.2.2 if available. If no update is available, consider disabling the plugin or restricting Administrator-level access to trusted users only. Additionally, proceed with caution when using the plugin, especially on multi-site installations where the vendor has disabled remote file downloads. Review the plugin's readme.txt for warnings and follow any vendor recommendations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13677. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart