Arbitrary File Read Vulnerability in 简数采集器 Plugin for WordPress
CVE-2025-11973

4.9 MEDIUM

Key Information:

Vendor:
WordPress

CVE Published:
21 November 2025

What is CVE-2025-11973?

The 简数采集器 plugin for WordPress contains a vulnerability that allows authenticated users with Administrator-level access or higher to read arbitrary files on the server. The flaw lies in the __kds_flag functionality, which processes featured images, and it can expose sensitive information contained in the files that are read. All versions of the plugin up to and including 2.6.3 are affected, so users should apply patches and security measures to safeguard against potential data breaches.

Affected Version(s)

简数采集器 * <= 2.6.3

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jonas Benjamin Friedli