CVE-2025-13677
📋 TL;DR
The Simple Download Counter WordPress plugin has a path traversal vulnerability that allows authenticated attackers with Administrator privileges to read arbitrary files on the server. This could expose sensitive information like database credentials or system files. The vulnerability affects all versions up to and including 2.2.2.
💻 Affected Systems
- Simple Download Counter WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to wp-config.php containing database credentials, leading to complete site compromise and potential lateral movement to other systems.
Likely Case
Attackers exfiltrate sensitive configuration files, potentially gaining database access and compromising the WordPress site.
If Mitigated
With proper access controls and monitoring, impact is limited to file disclosure without further system compromise.
🎯 Exploit Status
Exploitation requires Administrator credentials. The vulnerability is in the simple_download_counter_parse_path() function with insufficient path validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://plugins.trac.wordpress.org/browser/simple-download-counter
Restart Required: No
Instructions:
No official patch available. Vendor has disabled functionality on multi-sites and added warnings. Consider removing the plugin or implementing workarounds.
🔧 Temporary Workarounds
Remove Simple Download Counter Plugin
allCompletely remove the vulnerable plugin from WordPress installation
Navigate to WordPress admin panel > Plugins > Installed Plugins > Deactivate and Delete Simple Download Counter
Restrict Administrator Access
allImplement strict access controls and monitoring for Administrator accounts
Implement strong password policies
Enable two-factor authentication for all admin accounts
Monitor admin login attempts
🧯 If You Can't Patch
- Implement strict file permission controls on sensitive files like wp-config.php
- Monitor file access logs for unusual patterns of file reads from the plugin directory
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Simple Download Counter version 2.2.2 or earlierCheck Version:
Check WordPress admin panel or examine wp-content/plugins/simple-download-counter/readme.txtVerify Fix Applied:
Verify plugin is either removed or replaced with alternative solution📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from Administrator accounts
- Multiple file read attempts to sensitive paths like wp-config.php
Network Indicators:
- HTTP requests to plugin endpoints with path traversal patterns (../ sequences)
SIEM Query:
source="wordpress_logs" AND (plugin="simple-download-counter" OR path="*../*")🔗 References
- https://plugins.trac.wordpress.org/browser/simple-download-counter/tags/2.2.2/inc/functions-admin.php#L566
- https://plugins.trac.wordpress.org/browser/simple-download-counter/trunk/inc/functions-admin.php#L566
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3409876%40simple-download-counter&new=3409876%40simple-download-counter&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b82a0f71-29d7-469a-8c69-5ab68d599cb9?source=cve
