Description
WordPress Plugin MiwoFTP-File & Folder Manager is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin MiwoFTP-File & Folder Manager version 1.0.5 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
Related Vulnerabilities
WebLogic Improper Input Validation Vulnerability (CVE-2019-12400)
WordPress Plugin MediaPress Security Bypass (1.1.9)
WordPress Plugin WP-Stats-Dashboard SQL Injection (2.9.4)
WordPress Plugin Are You a Human-The Fun Spam Blocker Cross-Site Scripting (1.4.32)
WordPress Plugin 4k Icons for Visual Composer-Free Cross-Site Scripting (1.0)