WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Download Monitor versions prior to 4.5.91 are vulnerable to an arbitrary file download vulnerability that stems from the plugin’s failure to ensure that the file to be downloaded is within the blog folder and is insensitive. and is insensitive enough that a highly privileged attacker could exploit the vulnerability to download wp-config.php or /etc/passwd.