WordPress Filedownload Local File Disclosure Vulnerability Network Vulnerability

Summary

The Filedownload plug-in for WordPress is prone to a local file- disclosure vulnerability because it fails to adequately validate user- supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. Filedownload 0.1 is vulnerable other versions may also be affected.

References

http://plugins.svn.wordpress.org/filedownload/trunk/filedownload.php
http://wordpress.org/
http://www.securityfocus.com/bid/49669

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Apache mod_proxy_ajp Information Disclosure Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Tomcat TroubleShooter Servlet Installed

Take action and discover your vulnerabilities