Report
The Media from FTP Plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 9.84 via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Score:7.5
Severity:High
Version: 9.84
There is a patch available in v9.85 and we strongly recommend you update to this version as soon as possible.
