WordPress · Ad Manager Wd · CVE-2019-25727
**Name of the Vulnerable Software and Affected Versions**
ad manager wd version 1.0.11
**Description**
An arbitrary file download issue allows unauthenticated attackers to retrieve sensitive files from the web server. By sending GET requests to the 'edit.php' endpoint with the `export` parameter set to 'export csv' and manipulating the `path` parameter, attackers can read files such as wp-config.php.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.