Bl4Ck

**Name of the Vulnerable Software and Affected Versions** WP-Download plugin for WordPress version 1.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is exploited via the `dl id` parameter in the wp-download.php file. **Recommendations** For WP-Download plugin for WordPress version 1.2, consider restricting access to the wp-download.php file until a patch is available, and avoid using the `dl id` parameter in the affected endpoint.