WP Hide & Security Enhancer, 851bbb017a404d05a340abe049ca2259f4034f35

CVE, Research URL: 851bbb017a404d05a340abe049ca2259f4034f35
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Published on: Jul 21, 2017
Research Description: WP Hide & Security Enhancer [wp-hide-security-enhancer] < 1.4 WP Hide & Security Enhancer <= 1.3.9.2 - Arbitrary File Download The WP Hide & Security Enhancer plugin for WordPress is vulnerable to Arbitrary File Download in versions before 1.4. This is due to insufficient validation on the file path supplied via the 'file_path' parameter. This makes it possible for attackers to arbitrarily download files such as the wp-config.php file.
Affected versions: max 1.4.
Status: vulnerable

WP Hide &amp; Security Enhancer, 851bbb017a404d05a340abe049ca2259f4034f35