name:WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
author:daffainfo
severity:high
description:Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.