Description
Due to a misconfiguration of a web server, qdPM configuration files are accessible for unauthenticated users
Remediation
Restrict access to configuration files
References
Related Vulnerabilities
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)
Xdebug remote code execution via xdebug.remote_connect_back
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)
Apache REST RCE CVE-2018-11770
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)