Novel-Plus v3.6.2 exists to contain an arbitrary file download vulnerability via the background file download API.
xxyopen novel-plus 3.6.2