Authenticated Arbitrary File Download vulnerability discovered by Thiago Martins, Jorge Buzeti, Leandro Inacio, Lucas de Souza, Matheus Oliveira, Filipe Baptistella, Leonardo Paiva, Jose Thomaz, Joao Maciel, Vinicius Pereira, Geovanni Campos, Hudson Nowak, Guilherme Acerbi in WordPress Download Monitor plugin (versions <= 4.5.9).
Update the WordPress Download Monitor plugin to the latest available version (at least 4.5.91).