The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Downloadable_by_american_osteopathic_association | Osteopathic | * | 0.1.0 (including) |