CVE-2015-9470
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
7.5CVSS
8.1AI Score
0.015EPSS