WordPress wp-FileManager Plugin File Download Vulnerability

Summary
This host is running WordPress with wp-FileManager plugin and is prone to file download vulnerability.
Impact
Successful exploitation will allow remote attackers to download and read arbitrary files on the affected application. Impact Level: Application
Solution
Upgrade to version 1.4.0 or later, For updates refer to http://wordpress.org/extend/plugins/wp-filemanager
Insight
The input passed via 'path' parameter to 'wordpress/wp-content/plugins/wp-filemanager/incl/libfile.php' script is not properly validating '../'(dot dot) sequences before being returned to the user.
Affected
Wordpress wp-FileManager Plugin before 1.4.0
References