This host is installed with WordPress Content Source Control plugin and is prone to directory traversal vulnerability.

Successful exploitation will allow attacker to read arbitrary files on the target system. Impact Level: System/Application

Upgrade to version 3.1.0 or later, For updates refer to https://wordpress.org/plugins/wp-source-control

Input passed via the 'path' parameter to download.php script is not properly sanitized before being returned to the user

WordPress Content Source Control plugin version 3.0.0 and earlier.

Send a crafted data via HTTP GET request and check whether it is possible to read a local file

• http://seclists.org/oss-sec/2014/q3/407
• http://xforce.iss.net/xforce/xfdb/95374

---

Updated on 2015-03-25