Description
WordPress Plugin Direct Download for Woocommerce is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Direct Download for Woocommerce version 1.15 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.5.4)
MySQL CVE-2013-3795 Vulnerability (CVE-2013-3795)
PostgreSQL Arbitrary Code Execution Vulnerbality (CVE-2020-25696)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.9.15)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9635)