ThreatPress

WordPress Vulnerabilities Database

WordPress Sell Downloads Plugin <= 1.0.1 - Arbitrary File Disclosure

Product
Sell Downloads
Description
This vulnerability allows attackers to download arbitrary files from the site, in the context of the web server.
Solution
Upgrade the plugin.
Classification
Type: Arbitrary File Download
OWASP Top 10: A1: Injection
References
Research-G0blin
CVE
Name: CVE-2014-9511
Versions
Affected In: <= 1.0.1
Fixed In: 1.0.2
Disclosure date
2014-12-29
Submitter
ThreatPress