5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.075 Low
EPSS
Percentile
94.1%
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a … (dot dot) in the file parameter.
packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html
wordpress.org/plugins/download-shortcode/changelog/
wordpress.org/support/topic/plugin-download-shortcode-security-issue
wordpress.org/support/topic/vulnerability-5
www.exploit-db.com/exploits/34436
www.securityfocus.com/bid/69440