VYPR
Medium severity5.3NVD Advisory· Published Nov 5, 2025· Updated Apr 15, 2026

CVE-2025-11072

CVE-2025-11072

Description

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.