WordPress Plugin “Download Plugins and Themes from Dashboard” provided by WPFactory LLC contains a path traversal vulnerability (CWE-22).
The user with “switch_themes” privilege may obtain arbitrary files on the server.
Update the plugin
Update the plugin to the latest version according to the information provided by the developer.