Description This plugin is vulnerable to a local file inclusion via the path
parameter.
Send a GET request to wpb-show-core/download-file.php
with the path parameter set to an arbitrary file path on the server, - “/etc/resolv.conf” - “/etc/hosts” - “…/…/…/wp-config.php”