Description
WordPress Plugin Filedownload is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application; this may aid in further attacks. WordPress Plugin Filedownload version 0.1 is vulnerable.
Remediation
Update to plugin version 0.2 or latest
References
http://www.securityfocus.com/bid/49669/exploit
http://www.exploit-db.com/exploits/17858/
http://packetstormsecurity.com/files/view/105215/wpfiledownload-disclose.txt
Related Vulnerabilities
WordPress Plugin Game Server Status Multiple Vulnerabilities (1.0)
WordPress Plugin Booking Calendar Contact Form Cross-Site Scripting (1.0.24)
WordPress Plugin myGallery Remote File Include (1.4b4)
WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)
WordPress Plugin History Collection Arbitrary File Download (1.1.1)