2 matches found
CVE-2014-10397
The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php...
CVE-2014-10397
The CVE-2014-10397 entry concerns the Antioch WordPress theme (up to 2014-09-07). A vulnerability in lib/scripts/download.php allows an attacker to trigger arbitrary file downloads by manipulating the file parameter, enabling partial confidentiality impact. Root cause is improper handling of the ...