2025-03-25 06:00:13
WPScan
PUBLISHED
The aoa-downloadable WordPress plugin through 0.1.0 doesnt validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server