Description
WordPress Plugin Direct Download for Woocommerce is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Direct Download for Woocommerce version 1.15 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
SharePoint CVE-2021-34519 Vulnerability (CVE-2021-34519)
WordPress Plugin RSS Feed Reader 'rss_url' Parameter Cross-Site Scripting (0.1)
WordPress Plugin Simple Business Directory with Maps PHP Object Injection (3.6.0)
WebLogic CVE-2023-22072 Vulnerability (CVE-2023-22072)
Drupal Incorrect Authorization Vulnerability (CVE-2017-6377)