CVE-2025-11973

Medium CVSS: 4.9

The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Vendor

Product

CWE

CWE-73

Yayın Tarihi

2025-11-21 09:15:46

Güncelleme

2025-11-21 15:13:13

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-73 MEDIUM 2025

Referanslar

https://wordpress.org/plugins/keydatas/ https://www.wordfence.com/threat-intel/vulnerabilities/id/66dc2ca2-c61c-4c73-aa2a-0017299cbca5?source=cve