Title:Arbitrary file download vulnerability in candidate-application-form v1.0 wordpress plugin
The code in downloadpdffile.php  doesn't do any sanity checks, allowing a remote attacker to download sensitive system files: