Description
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Published: 2025-11-21
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authenticated arbitrary file read
Action: Immediate Patch
AI Analysis

Impact

The simplified data collector plugin for WordPress (简数采集器) contains a flaw in its __kds_flag feature, which is used when importing featured images. An attacker who can log in with at least Administrator privileges can supply a specially crafted request that causes the plugin to read any file on the server. Read access to arbitrary files can expose configuration files, credentials, or other sensitive data, compromising confidentiality of the site and potentially the underlying server.

Affected Systems

WordPress sites that have the 简数采集器 plugin installed in any version 2.6.3 or earlier. The vulnerability affects all installations that have enabled the __kds_flag import functionality, regardless of the WordPress version. The vendor is Zhengdon.

Risk and Exploitability

The flaw has a moderate CVSS base score of 4.9 and an EPSS score below 1%, indicating a low likelihood of widespread exploitation. It is not listed in the CISA KEV catalog. The attack requires authenticated access with Administrator or higher role, so the likelihood is limited to privileged users. Because the plugin’s relative path handling is unchecked, an attacker can read files outside the webroot. If the site configuration allows, this could expose secrets or private data.

Generated by OpenCVE AI on April 22, 2026 at 11:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the 简数采集器 plugin to a version newer than 2.6.3, preferably the latest release that includes the file read remediation.
  • If an immediate update is not possible, remove or disable the __kds_flag import feature, or enforce stricter file path validation.
  • Reduce the number of users with Administrator or higher privileges; review user accounts to ensure only trusted individuals hold such roles.

Generated by OpenCVE AI on April 22, 2026 at 11:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
References

Mon, 24 Nov 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 24 Nov 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 21 Nov 2025 08:45:00 +0000

Type Values Removed Values Added
Description The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Title 简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read
Weaknesses CWE-73
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:58:05.517Z

Reserved: 2025-10-20T15:47:04.960Z

Link: CVE-2025-11973

cve-icon Vulnrichment

Updated: 2025-11-21T15:31:02.589Z

cve-icon NVD

Status : Deferred

Published: 2025-11-21T09:15:46.193

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-11973

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T12:00:05Z

Weaknesses