Report
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Score:7.5
Severity:High
Version: 1.1.5
There is a patch available in v1.1.6 and we strongly recommend you update to this version as soon as possible.
