WordPress Candidate Application Form Plugin 1.0 - Arbitrary File Download

candidate-application-form

Software: Candidate Application Form
Versions: <= 1.0
Disclosure date: 2015-08-10
CVE: CVE-N/A
Classification: Arbitrary File Download

Details

The Candidate Application Form plugin is prone to an arbitrary file download vulnerability via "downloadpdffile.php", which allows an attacker to download arbitrary files from the web server and obtain potentially sensitive information.
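
A log review check for the issue described above, added here as an example and not part of the original advisory: it flags access-log requests to downloadpdffile.php under the plugin directory whose query values are anything other than a bare file name. Assumptions: combined log format, the default /wp-content/plugins/ install path, and the parameter name `file` in the constructed sample lines (the advisory does not name the parameter, so every query value is inspected).

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Slug and script name are from the advisory; the /wp-content/plugins/
# prefix is the WordPress default install path (assumption).
SCRIPT_RE = re.compile(
    r"/wp-content/plugins/candidate-application-form/(?:[^?\s]*/)?downloadpdffile\.php$",
    re.IGNORECASE)
# Client IP, request target and status of a combined-format log entry.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def suspicious_value(value):
    """True if a query value refers to anything other than a bare file name."""
    for _ in range(3):  # decode again so double-encoded separators are seen
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    return (".." in value.split("/") or value.startswith("/")
            or "\x00" in value or "://" in value
            or re.match(r"^[A-Za-z]:/", value) is not None)

def flag_requests(lines):
    """Return (client_ip, status, target) for requests worth reviewing."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        parts = urlsplit(target)
        if not SCRIPT_RE.search(parts.path):
            continue
        values = [v for _k, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(suspicious_value(v) for v in values):
            hits.append((ip, int(status), target))
    return hits

# Constructed sample lines; "file" is a placeholder parameter name.
_BASE = "/wp-content/plugins/candidate-application-form/downloadpdffile.php"
_FMT = '{ip} - - [10/Aug/2015:10:00:0{n} +0000] "GET {t} HTTP/1.1" 200 512 "-" "-"'
SAMPLE_LOG = [
    _FMT.format(ip="203.0.113.7", n=1, t=_BASE + "?file=resume_17.pdf"),
    _FMT.format(ip="198.51.100.23", n=2, t=_BASE + "?file=..%2F..%2Fconfig.example"),
    _FMT.format(ip="198.51.100.24", n=3, t=_BASE + "?file=%252e%252e%252fconfig.example"),
    _FMT.format(ip="203.0.113.9", n=4, t="/index.php?page=../about"),
]
```

A hit with status 200 means the server returned a body for that request, so those entries are the ones to review first.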

Solution

Update the plugin.