What the vulnerability does
01 Description
The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the `href` parameter in the `[csv]` shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys.
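An added example, not the plugin's code, of the flaw class described above: a path built by plain concatenation next to a version that canonicalises with realpath() and checks containment in the base directory. The function names, the base directory and the .csv-only rule are assumptions made for illustration.

```php
<?php
// Added illustration; not the plugin's code. Function names, paths and the
// .csv-only rule are hypothetical.

// Pattern named in the advisory: input appended to a base path unchecked.
function csv_path_unsafe(string $baseDir, string $href): string
{
    return $baseDir . '/' . $href; // "../" segments in $href leave $baseDir
}

// Hardened form: canonicalise, then require the result to stay under the base.
function csv_path_safe(string $baseDir, string $href): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Reject NUL bytes and anything that does not end in .csv (assumed policy).
    if (strpos($href, "\0") !== false || !preg_match('/\.csv$/i', $href)) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; false if the file is missing.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $href);
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }
    // Trailing separator stops "/data/csv-old" matching base "/data/csv".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $resolved;
}

// Constructed demo: a temp base directory with one CSV, and a file outside it.
$root = sys_get_temp_dir() . '/csvdemo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/report.csv', "a,b\n1,2\n");
file_put_contents($root . '/secret.csv', "not,for,display\n");

// Unsafe builder: the resolved path is the file outside the base directory.
var_dump(realpath(csv_path_unsafe($root . '/uploads', '../secret.csv')));
// Safe builder: a file inside the base resolves, the traversal yields null.
var_dump(csv_path_safe($root . '/uploads', 'report.csv'));
var_dump(csv_path_safe($root . '/uploads', '../secret.csv'));
```

The extension filter alone would not stop the traversal in the demo, since the outside file also ends in .csv; the containment check on the canonical path is what rejects it.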
Explanation of Vulnerability in Simple Terms
02 Summary
Simple CSV Table versions 1.0.1 and earlier contain a path traversal vulnerability that allows authenticated users to read arbitrary files from the server. An attacker with low-level access can navigate outside the intended directory structure to access sensitive files like configuration files or database backups. No user interaction is required once authenticated.
What an attacker can do
03 Attacker Capabilities
Read arbitrary files from the server, including configuration and sensitive data.
Potential impact on your site
04 Site Impact
Sensitive files (config, backups, private data) may be exposed to authenticated users with low privileges.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06 Disclosure timeline
December 12, 2025: CVE published
April 8, 2026: Record updated