CVE-2025-12960
📋 TL;DR
The Simple CSV Table WordPress plugin has a directory traversal vulnerability that allows authenticated attackers with Contributor-level access or higher to read arbitrary files on the server. This can expose sensitive information like database credentials and authentication keys. All WordPress sites using this plugin up to version 1.0.1 are affected.
💻 Affected Systems
- Simple CSV Table WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain database credentials, authentication keys, and other sensitive files, leading to complete site compromise, data theft, and potential lateral movement to other systems.
Likely Case
Attackers read wp-config.php to obtain database credentials, then access and exfiltrate database contents containing user data, posts, and comments.
If Mitigated
With proper file permissions and network segmentation, impact is limited to files readable by the web server user, preventing access to system files and database compromise.
🎯 Exploit Status
Exploitation requires authenticated access but is trivial with Contributor privileges. Public proof-of-concept exists in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.2 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Simple CSV Table plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and delete plugin, then install fresh version 1.0.2+ from WordPress repository.
🔧 Temporary Workarounds
Remove Contributor Role Access
allTemporarily remove Contributor role access to all users until patch is applied
UPDATE wp_users SET user_role = 'subscriber' WHERE user_role = 'contributor';
Disable Plugin
allDeactivate the Simple CSV Table plugin immediately
wp plugin deactivate simple-csv-table
🧯 If You Can't Patch
- Remove all users with Contributor role or higher until patch can be applied
- Implement web application firewall rules to block directory traversal patterns in href parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Simple CSV Table version. If version is 1.0.1 or earlier, you are vulnerable.Check Version:
wp plugin list --name=simple-csv-table --field=versionVerify Fix Applied:
After update, verify plugin version shows 1.0.2 or later in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs
- Multiple requests with '../' sequences in href parameter
- Access to wp-config.php or other sensitive files from plugin endpoints
Network Indicators:
- Traffic to /wp-content/plugins/simple-csv-table/ with directory traversal sequences
SIEM Query:
source="web_server_logs" AND uri_path="/wp-content/plugins/simple-csv-table/" AND (uri_query CONTAINS "../" OR uri_query CONTAINS "..%2F")🔗 References
- https://plugins.trac.wordpress.org/browser/simple-csv-table/tags/1.0.1/simple-csv-table.php#L71
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3403210%40simple-csv-table&new=3403210%40simple-csv-table&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff9abb4-2b25-4bbb-86b4-fb1ba37e122f?source=cve
