• WordPress Plugin Zedna eBook download is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Zedna eBook download version 1.1 is vulnerable; prior versions may also be affected.

• Update to plugin version 1.2 or latest

• • https://www.exploit-db.com/exploits/39575/
  • https://packetstormsecurity.com/files/136321/WordPress-eBook-Download-1.1-Directory-Traversal.html
  • https://wordpress.org/plugins/ebook-download/changelog/

• 

• CWE-22

• Missing Update Directory Traversal

• WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.2)
• WordPress Plugin PHP Analytics Arbitrary File Upload (1.0.0.2)
• WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (2.4.1)
• WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2)
• WordPress Plugin Recip.ly 'uploadImage.php' Arbitrary File Upload (1.1.7)