Posted by Diego on Jan 17

Hi guys.

I foun’t a new vulnerabiliti in a wordpress plugin called: “Direct Download
for WooCommerce”.

This vulnerability allow you make an Remote LFI download, so, we can
download any in the server where we’re running this plugin, I foun’t this
vulnerability the last week and I reported this to Kameleon but i don’t know
if this bug is partched right now in a new versión.

I’ve been written an exploit to this plugin in Python. This…