Description The plugin does not have authorisation checks and does not validate file paths in the handle_file_download function, allowing unauthenticated users to download arbitrary files from the server when the premium version of the plugin is activated