Plugin is still affected and has been closed. In ./simple-image-manipulator/controller/download.php no checks are made to authenticate the user or sanitize input when determining file location.
CPE | Name | Operator | Version |
---|---|---|---|
simple-image-manipulator | eq | * |