CVE-2021-24692
The CVE concerns the WordPress plugin Simple Download Monitor (before 3.9.5). Affected component: the plugin’s access control/file serving logic allows users with roles as low as Contributor to download arbitrary files from the web server (e.g., wp-config.php) via a path traversal vector. Root ca...