CVE-2012-10016

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 17, 2023

Updated: May 17, 2024

CWE ID 200

Summary

CVE-2012-10016 is a newly identified vulnerability affecting the Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. The issue lies within an unknown function in the file simple-download-button_dl.php, specifically the Download Handler component. This vulnerability allows for information disclosure through manipulation of the 'file' argument, and can be exploited remotely. Upgrading to version 1.1 of the plugin is recommended to resolve the issue, with the patch identified as e648a8706818297cf02a665ae0bae1c069dea5f1. VDB-242190 has been assigned to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tBPOcP
https://www.cve.org/CVERecord?id=CVE-2012-10016
https://nvd.nist.gov/vuln/detail/CVE-2012-10016

Back to Vulnerability Database

CVE-2012-10016

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations