EPSS
Percentile
83.3%
This vulnerability is in lib/download.php. It allows an attacker to read arbitrary files via a full pathname in the “file” parameter.
Update the plugin.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5472