Description
WordPress Plugin Direct Download for Woocommerce is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Direct Download for Woocommerce version 1.15 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Multiple Cross-Site Scripting Vulnerabilities (0.4.3)
Artifactory Missing Authorization Vulnerability (CVE-2019-10322)
Jenkins Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27901)
Joomla Improper Input Validation Vulnerability (CVE-2013-5576)
Oracle Database Server CVE-2006-0261 Vulnerability (CVE-2006-0261)