CVE-2014-5368

Name of the Vulnerable Software and Affected Versions WP Content Source Control plugin versions 3.0.0 and earlier

Description A directory traversal issue exists in the file get contents function within the downloadfiles/download.php file of the WP Content Source Control plugin. This allows remote attackers to read arbitrary files by including a .. (dot dot) in the path parameter.

Recommendations For WP Content Source Control plugin versions 3.0.0 and earlier, consider disabling the downloadfiles/download.php file until a patch is available to prevent exploitation of the directory traversal issue. Restrict access to the file get contents function to minimize the risk of reading arbitrary files. Avoid using the path parameter in the affected download.php file until the issue is resolved.