CVE-2012-10016: 
WordPress vulnerability analysis and mitigation

A vulnerability was discovered in Halulu simple-download-button-shortcode Plugin version 1.0 for WordPress, identified as CVE-2012-10016. The vulnerability was disclosed on September 17, 2012, affecting the Download Handler component, specifically the simple-download-button_dl.php file. This security issue allows remote attackers to access sensitive information through manipulation of the file parameter (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue stems from insufficient validation in the file parameter handling within the Download Handler component, which could lead to information disclosure. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The successful exploitation of this vulnerability could lead to unauthorized access to sensitive information. The vulnerability allows attackers to potentially access files through the download handler component, compromising the confidentiality of protected information (NVD).

The vulnerability has been addressed in version 1.1 of the plugin. The fix is identified in commit e648a8706818297cf02a665ae0bae1c069dea5f1. Users are strongly recommended to upgrade to version 1.1 or later to protect against this vulnerability (GitHub Patch).