What the vulnerability does
01Description
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing directory traversal sequences and null bytes to bypass file restrictions and read sensitive files like system configuration.
Explanation of Vulnerability in Simple Terms
02Summary
The Admin Word Count Column plugin for WordPress contains a path traversal vulnerability that allows local attackers to read arbitrary files from the server. The vulnerability exists in versions 2.2 and requires local access to the system. Site administrators should update to a patched version when available.
What an attacker can do
03Attacker Capabilities
Read arbitrary files from the server filesystem.
Potential impact on your site
04Site Impact
Sensitive files (config, database credentials, private keys) may be exposed if the site is on a shared host or the attacker has shell access.
Conditions required to exploit
05Prerequisites
Local access to the server; no authentication or user interaction required.
Key dates
06Disclosure timeline
June 8, 2026
CVE published
June 8, 2026
Record updated