WordPress Plugin Vulnerabilities

simple-download-button-shortcode <= 1.1.1 - Sensitive Data Disclosure

Description

A vulnerability classified as problematic has been found in simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure.

Affects Plugins

Plugin icon
simple-download-button-shortcode
No known fix

References

CVE
CVE-2012-10016

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
VulDB GitHub Commit Analyzer
Verified
No
WPVDB ID
b5630e45-c698-4093-8f8d-b8d4c26840c1

Timeline

Publicly Published
2023-10-16 (about 2 years ago)
Added
2023-10-17 (about 2 years ago)
Last Updated
2023-10-17 (about 2 years ago)

Other

Published
Title
Published
2025-03-07
Title
All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
Published
2025-11-26
Title
eRoom < 1.5.7 - Unauthenticated Information Exposure
Published
2024-04-02
Title
WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
Published
2026-01-05
Title
Shortcodes and extra features for Phlox theme < 2.17.14 - Unauthenticated Draft Posts Information Exposure
Published
2024-11-05
Title
Contact Form 7 – Dynamic Text Extension < 4.5.1 - Information Disclosure via Shortcode