WordPress Direct Download for WooCommerce versions up to 1.15 suffer from a local file inclusion vulnerability.