Description
WordPress Plugin Delightful Downloads is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Delightful Downloads version 1.6.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
https://github.com/jqueryfiletree/jqueryfiletree/issues/66
https://github.com/A5hleyRich/delightful-downloads/issues/165
https://www.exploit-db.com/exploits/49693
https://wordpress.org/plugins/delightful-downloads/#description
Related Vulnerabilities
WordPress Plugin WassUp Real Time Analytics Cross-Site Scripting (1.8.3)
WordPress Plugin WordPress Social Sharing-Social Warfare Multiple Vulnerabilities (3.5.2)
WordPress Plugin Checklist Cross-Site Scripting (1.1.5)
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)