WordPress plugin KIWIZ Invoices Certification & PDF System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blogs on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress...

KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download

The plugin does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server To download ../../../../wp-config.php:...