Title:Arbitrary file download vulnerability in candidate-application-form v1.0 wordpress pluginThe code in downloadpdffile.php doesn't do any sanity checks, allowing a remote attacker to download sensitive system files:
The code in downloadpdffile.php doesn't do any sanity checks, allowing a remote attacker to download sensitive system files: