WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. An arbitrary file download vulnerability exists in Wordpress Drag & Drop Contact Form Plugin 1.0.5 and prior versions, which stems from the product’s file download feature not effectively handling special symbols. An attacker could download arbitrary files through this vulnerability.