Description
WordPress Plugin Filedownload is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application; this may aid in further attacks. WordPress Plugin Filedownload version 0.1 is vulnerable.
Remediation
Update to plugin version 0.2 or latest
References
http://www.securityfocus.com/bid/49669/exploit
http://www.exploit-db.com/exploits/17858/
http://packetstormsecurity.com/files/view/105215/wpfiledownload-disclose.txt
Related Vulnerabilities
Oracle Database Server CVE-2023-22073 Vulnerability (CVE-2023-22073)
MySQL CVE-2016-9841 Vulnerability (CVE-2016-9841)
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.2.0)
WordPress Plugin History Collection Arbitrary File Download (1.1.1)
WordPress Plugin Elementor Website Builder Security Bypass (2.9.5)