CVE-2025-11973

MEDIUM

简数采集器 WordPress Plugin <=2.6.3 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-11973. PoCs published by jFriedli.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2025-11973, demonstrating a local file inclusion (LFI) vulnerability that allows reading `/etc/passwd` via a `file://` URL and exfiltrating the data to a WordPress uploads directory. The exploit uses crafted HTTP POST requests to trigger the vulnerability and retrieve the exfiltrated file.

Description

The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Exploits (1)

nomisec WORKING POC

by jFriedli · poc

https://github.com/jFriedli/CVE-2025-11973

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2025-11973, demonstrating a local file inclusion (LFI) vulnerability that allows reading `/etc/passwd` via a `file://` URL and exfiltrating the data to a WordPress uploads directory. The exploit uses crafted HTTP POST requests to trigger the vulnerability and retrieve the exfiltrated file.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress (version not specified)

Auth required

Prerequisites: knowledge of the target WordPress base URL · valid authentication credentials (kds_password) · access to the WordPress uploads directory

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Apr 28, 2026 Full analysis →

References (3)

Core 3

Core References

https://plugins.trac.wordpress.org/browser/gallery-photo-gallery/trunk/includes/lists/class-gallery-photo-gallery-list-table.php#L1060

Product

https://wordpress.org/plugins/keydatas/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/66dc2ca2-c61c-4c73-aa2a-0017299cbca5?source=cve

Scores

CVSS v3 4.9

EPSS 0.0027

EPSS Percentile 18.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-73

Status published

Products (1)

zhengdon/简数采集器 < 2.6.3

Published Nov 21, 2025

Tracked Since Feb 18, 2026