WordPress Filedownload Local File Disclosure Vulnerability Network Vulnerability

Summary

The Filedownload plug-in for WordPress is prone to a local file- disclosure vulnerability because it fails to adequately validate user- supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. Filedownload 0.1 is vulnerable other versions may also be affected.

References

http://plugins.svn.wordpress.org/filedownload/trunk/filedownload.php
http://wordpress.org/
http://www.securityfocus.com/bid/49669

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache Tomcat Multiple Vulnerabilities June-09
Apache Continuum Cross Site Scripting Vulnerability
Apple Safari Multiple Vulnerabilities
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

Take action and discover your vulnerabilities