EPSS
Percentile
95.2%
This vulnerability is in include/user/download.php. It allows an attacker to read arbitrary files via a full pathname in the “file” parameter.
Update the plugin.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5471