6.7 Medium
AI Score
Confidence
Low
0.03 Low
EPSS
Percentile
90.9%
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via …%2F (encoded dot dot) sequences in the url parameter.
osvdb.org/71707
secunia.com/advisories/43963
www.autosectools.com/Advisories/WordPress.WP.Custom.Pages.0.5.0.1_Local.File.Inclusion_169.html
www.exploit-db.com/exploits/17119
www.securityfocus.com/bid/47146
exchange.xforce.ibmcloud.com/vulnerabilities/66559