Simple Download Counter WordPress Plugin Arbitrary File Read Vulnerability

Vulnerability

An arbitrary file read vulnerability has been identified in the Simple Download Counter plugin for WordPress, affecting all versions up to and including 2.0. The issue lies in the 'simple_download_counter_download_handler' function, which lets authenticated attackers with Author-level access or higher read sensitive files on the server, such as 'wp-config.php' or '/etc/passwd'.

Impact

Exploitation of this vulnerability allows authenticated users to read arbitrary files on the server, potentially leading to the disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher requests a file through the 'simple_download_counter_download_handler' function. Supplying a file path to the download handler is sufficient: the handler reads that file and the server returns its contents.

Remediation

Users are advised to update the Simple Download Counter plugin to version 2.1 or later.
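For maintainers of a similar download endpoint, the following is an added example (not code from the Simple Download Counter plugin) of a handler that canonicalises the requested path and refuses anything that does not resolve to a regular file inside one allowed directory; the function names, the 'file' request parameter and the 'downloads' directory are assumptions.

```php
<?php
// Added example, not the Simple Download Counter plugin's own code: a download
// handler that serves only regular files under one allowed directory. Assumes
// WordPress is loaded; the function names and the 'file' parameter are assumed.

// Returns the canonical path when $name resolves to a regular file inside
// $base_dir, otherwise null. realpath() on both sides neutralises '../'
// segments, absolute paths and symlinks that point outside the directory.
function sdc_example_resolve_within( $base_dir, $name ) {
    $base = realpath( $base_dir );
    if ( $base === false ) {
        return null;
    }
    $base = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    // Reject empty names and embedded NUL bytes before touching the filesystem.
    if ( $name === '' || strpos( $name, "\0" ) !== false ) {
        return null;
    }
    $candidate = realpath( $base . $name );
    if ( $candidate === false || ! is_file( $candidate ) ) {
        return null;
    }
    // The prefix check on canonical paths is the actual containment guarantee.
    if ( strncmp( $candidate, $base, strlen( $base ) ) !== 0 ) {
        return null;
    }
    return $candidate;
}

function sdc_example_download_handler() {
    // Capability gate; the path check above must hold regardless of role,
    // since the advisory shows Author-level accounts reaching the handler.
    if ( ! current_user_can( 'read' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    $requested = ( isset( $_GET['file'] ) && is_string( $_GET['file'] ) ) ? wp_unslash( $_GET['file'] ) : '';
    $base_dir  = trailingslashit( wp_upload_dir()['basedir'] ) . 'downloads';

    $path = sdc_example_resolve_within( $base_dir, $requested );
    if ( null === $path ) {
        wp_die( 'Invalid file', '', array( 'response' => 400 ) );
    }

    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    readfile( $path );
    exit;
}
```

A request for '../../wp-config.php' or an absolute path such as '/etc/passwd' fails the containment check and receives a 400 instead of file contents.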

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread          1.0
impact          3.3
exploitability  6.4
remediation     7.7
relevance       0.0
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.