WP Background Takeover <= 4.1.4 is vulnerable to Directory Traversal vulnerability

Unauthenticated

Published
2018-04-08

exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.

CVE

https://www.cve.org/CVERecord?id=CVE-2018-9118

CVSS

Score:7.5

Severity:High

Version: 4.1.4

There is a patch available in v4.1.5 and we strongly recommend you update to this version as soon as possible.