PT-2025-47707 · WordPress · 简数采集器
Published: 2025-11-21 · Updated: 2025-11-21 · CVE-2025-11973
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
简数采集器 plugin for WordPress versions through 2.6.3
Description
The 简数采集器 plugin for WordPress is susceptible to an issue allowing unauthorized access to files. It can be exploited by authenticated attackers with Administrator-level access or higher. The issue stems from the kds flag functionality when importing featured images, which enables the reading of arbitrary files on the server. These files may contain sensitive information.
Recommendations
Update the 简数采集器 plugin to a version later than 2.6.3.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
简数采集器