CVE-2025-12583 - Simple Downloads List <= 1.4.3 - missing authorization to authenticated (subscri...

CVE ID : CVE-2025-12583 Published : Nov. 8, 2025, 3:15 a.m. | 15 minutes ago Description : The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to alter many of the plugin's settings/downloads and inject malicious web scripts. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...