Description

The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php.

PoC

1) Create a new post with this shortcode: [ffmwp]
2) Go to the new post and upload any file
3) After that, go to the plugin's main page for users: http://your_site/wordpress/wp-admin/edit.php?post_type=wpfm-files
4) Click the "Edit" button
5) Change wpfm_dir_path and wpfm_file_url to /var/www/html/wordpress/wp-config.php
6) Go back to the main page http://your_site/wordpress/wp-admin/edit.php?post_type=wpfm-files and click "Download"
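The root cause described above is that the download logic serves whatever path is stored in the file's post meta, and an Editor+ user can change that meta after upload. The following is an added example of a hardened download handler, not the plugin's own code: it re-resolves the stored path with realpath() on every request and refuses anything that does not sit inside the WordPress uploads directory. The meta key wpfm_dir_path comes from the advisory; the function names, the capability used, and the logging are assumptions made for illustration.

```php
<?php
// Added example (not the plugin's own code). Hardened download handler for a
// WordPress plugin that stores an upload's filesystem path in post meta.
// Only the meta key wpfm_dir_path is taken from the advisory; every other
// name here is an assumption for illustration.

/**
 * Resolve a stored path and confirm it lies inside the WordPress uploads
 * directory. Returns the canonical path, or false if the path escapes it.
 */
function example_resolve_upload_path( $stored_path ) {
    $uploads  = wp_upload_dir();
    $base     = realpath( $uploads['basedir'] );
    $resolved = realpath( (string) $stored_path );

    // realpath() returns false for a missing file; treat that as a failure too.
    if ( false === $base || false === $resolved ) {
        return false;
    }

    // Compare against the base plus a trailing separator so that a sibling
    // directory such as /path/uploads-other does not pass a check for /path/uploads.
    $base_with_sep = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( 0 !== strpos( $resolved, $base_with_sep ) ) {
        return false;
    }

    return $resolved;
}

/**
 * Download handler. The vulnerable pattern the advisory describes is to take the
 * stored path and stream it as-is; this version validates it at request time,
 * because a user with edit rights can change the meta value after upload.
 */
function example_handle_download( $post_id ) {
    // Assumed capability for this plugin's users; editors have it, so the
    // real protection is the path containment check below, not this gate.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Not allowed', 403 );
    }

    $stored = get_post_meta( $post_id, 'wpfm_dir_path', true );
    $path   = example_resolve_upload_path( $stored );

    if ( false === $path ) {
        // A path outside the uploads directory (e.g. wp-config.php) lands here.
        // Logging it gives the site owner a signal that meta was tampered with.
        error_log( sprintf( 'file download blocked: post %d, stored path %s', $post_id, $stored ) );
        wp_die( 'Invalid file', 400 );
    }

    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}
```

With this check in place, a stored value of /var/www/html/wordpress/wp-config.php resolves to a location outside wp-content/uploads and is rejected before any bytes are sent. A stronger fix is to stop storing a raw filesystem path in user-editable meta at all and instead store the attachment ID, deriving the path server-side at download time with get_attached_file(); the containment check above is the minimum that makes the stored value safe to trust.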