WordPress Delightful Downloads plugin <= 1.6.6 - Path Traversal vulnerability

delightful-downloads

Software
Delightful Downloads
Versions
<= 1.6.6
Disclosure date
2021-03-22
CVE
CVE-2017-1000170
Classification
Directory Traversal
OWASP Top 10
A3: Sensitive Data Exposure
CVSS 3.0 score

7.5

High

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Path Traversal vulnerability discovered by Nicholas Ferreira in WordPress Delightful Downloads plugin (versions <= 1.6.6).

Solution

Plugin closed. Deactivate and delete.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.