The Simple CSV Table plugin for WordPress, up to version 1.0.1, contains a directory traversal vulnerability identified as CVE-2025-12960 (CWE-22). This vulnerability arises from improper validation of the 'href' parameter within the [csv] shortcode, where user-supplied input is concatenated directly to a base directory path without sufficient sanitization or normalization. Authenticated attackers with Contributor-level privileges or higher can exploit this flaw to traverse directories outside the intended scope and read arbitrary files on the web server. The attack vector is network-based, requiring no user interaction beyond authentication. The vulnerability impacts confidentiality by exposing sensitive files such as database configuration files and authentication keys, but does not affect integrity or availability. The CVSS 3.1 base score is 6.5, reflecting low attack complexity, no user interaction, and a requirement for low privileges. No patches have been published yet, and no known exploits are reported in the wild. The vulnerability is significant because WordPress is widely used globally, and plugins like Simple CSV Table are common for managing CSV data display, making this a notable risk for many websites.

Successful exploitation of this vulnerability can lead to unauthorized disclosure of sensitive information stored on the server, including database credentials, authentication keys, and other configuration files. This can facilitate further attacks such as database compromise, privilege escalation, or full site takeover. Since the attacker needs only Contributor-level access, which is a relatively low privilege in WordPress, the risk is elevated especially on sites that allow user registrations or multiple contributors. The confidentiality breach can undermine the trustworthiness of affected websites and lead to data breaches impacting users and administrators. Although the vulnerability does not directly impact system integrity or availability, the information gained can be leveraged for more severe attacks. Organizations running WordPress sites with this plugin are at risk of data leakage and subsequent exploitation.

Immediate mitigation steps include restricting Contributor-level users from using the [csv] shortcode or disabling the Simple CSV Table plugin until a patch is available. Administrators should audit user roles and permissions to minimize the number of users with Contributor or higher privileges. Implement web application firewall (WAF) rules to detect and block path traversal patterns in requests targeting the 'href' parameter. Monitoring server logs for suspicious file access attempts can help identify exploitation attempts. Once a vendor patch is released, promptly apply it. Additionally, consider isolating WordPress installations and sensitive configuration files with strict filesystem permissions to limit file read access. Employing security plugins that enforce input validation and sanitization can also reduce risk. Regular backups and incident response plans should be in place to recover from potential breaches.