Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote malicious users to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mikoviny wp_custom_pages 0.5.0.1 |