Description
WordPress Plugin Zip Attachments is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Zip Attachments version 1.4 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.5 or the latest version.
References
http://www.vapidlabs.com/advisory.php?v=126
http://www.openwall.com/lists/oss-security/2015/06/12/4
http://seclists.org/oss-sec/2015/q2/698
https://wordpress.org/support/topic/zip-attachments-wordpress-plugin-v114-arbitrary-file-download-