Description
WordPress Plugin Aspose Importer & Exporter is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Aspose Importer & Exporter versions 2.0 and prior are vulnerable.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3170)
RubyGems Improper Input Validation Vulnerability (CVE-2015-4020)
WordPress Plugin Auto Amazon Links-Amazon Associates Affiliate Unspecified Vulnerability (2.0.3.4)