The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
Create a new download, add a file and put the following payload in the File URLs: /var/www/html/wp-config.php or /etc/passwd Publish the download and download the file
CPE | Name | Operator | Version |
---|---|---|---|
download-monitor | lt | 4.5.91 |