Description The ChatBot Conversational Forms plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to download arbitrary files from the server which may contain sensitive information.