AI Score: 6.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)
Description: This plugin does not validate a path generated from user input when downloading files, allowing unauthenticated users to download arbitrary files from the server.
https://example.com/wp-content/themes/cas/download.php?path=<>