Name: WP Publication Archive Plugin
Credit: AutoSec Tools
Version: 2.0.1
This plugin was listed wrong for several months, the exploit refers to the outdated version hosted on Google code and not the one on wordpress.org
Poc:
WP Publication Archive Plugin for WordPress contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the ‘wp-content/plugins/wp-publication-archive/includes/openfile.php’ script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the ‘file’ parameter. This directory traversal attack would allow the attacker to access arbitrary files.
