Description
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
Remediation
References
Related Vulnerabilities
WordPress 3.9.x Denial of Service Vulnerability (3.9 - 3.9.23)
Coppermine Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-6528)
WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)
WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4338)