Path Traversal Vulnerability in Download Counter by Anatoly
CVE-2025-60242

Currently unrated

Key Information:

Vendor

WordPress
Status
Download Counter
Vendor
CVE Published:
6 November 2025

What is CVE-2025-60242?

An improper limitation of a pathname to a restricted directory in the Download Counter plugin by Anatoly allows attackers to exploit path traversal vulnerabilities, potentially enabling unauthorized access to sensitive files on the server. This vulnerability impacts versions up to and including 1.4, allowing for arbitrary file downloads that could compromise the security of the system.

Affected Version(s)

Download Counter <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/down...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program
JSON
.