2025-01-07 09:22:15
Wordfence
PUBLISHED
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the mipl_wc_sync_download_log action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.