The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Path Traversal
PHP
WordPress
File Upload
Wordpress File Upload
NVD
CVSS 3.1
9.8
EPSS
92.3%