Anatoly Download Counter CVE-2025-60242
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through <= 1.4.
AnalysisAI
Path traversal in Download Counter WordPress plugin through version 1.4 allows unauthenticated remote attackers to read arbitrary files from the web server. The vulnerability enables confidentiality breach through directory traversal sequences. EPSS score of 0.09% indicates low observed exploitation probability. No active exploitation confirmed via CISA KEV, though Patchstack database listing suggests security researcher awareness and potential for weaponization.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today