MidnightBSD

Advisories for download_zip_attachments_project

CVE-2015-4704 MEDIUM

Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
download_zip_attachments_project download_zip_attachments 1.0