Plugin Name : ss-downloads
Affected Version : 1.4.41 (and most probably lower versions, if any)
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
Vulnerable Parameter : title
Vendor Contacted : 2014-01-21
Plugin Description :

Adds a shortcode like [download file="path_to_file"] that embeds a form in the post asking for an email address before showing a link to a file for download. Great for promoting white papers and other digital assets on your site. Live demo: http://www.strangerstudios.com/blog/2010/07/ss-downloads-wordpress-plugin/

The plugin works in 3 parts:
1. The shortcode to add the form to your pages.
2. The logic to check (using session variables) whether the user has provided an email address, before showing either the email capture form or the download link.
3. A script to serve files securely. It checks for the same session variable before delivering the file. Files can be located outside the web directory or served from the uploads folder, etc., with an obfuscated URL.

The look of the email and download forms can be changed by copying files from the /css/ and /templates/ folders of the plugin into your active theme folder. Rename the files ssd-original_file_name.php/css (e.g. ssd-download.php or ssd-ss-downloads.css) and edit as needed.
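The three-part flow above, written out as an added example. This is not the ss-downloads plugin's code and does not use the WordPress API; it is plain PHP that runs from the command line so the gating and serving logic can be exercised without a site. The catalogue, the file name, the signing secret and the /ssd-download.php URL path are hypothetical. Two points matter for an email-gated download: the serving script must re-check the session gate itself (a link in the page is not a credential), and the "obfuscated URL" should carry an opaque id plus an HMAC so that the client never names a filesystem path and a guessed or altered link is refused. The advisory names title as the vulnerable parameter without stating the flaw; whatever it is, any attribute or parameter that lands in the rendered form is HTML-escaped here.

```php
<?php
// Added example (not the ss-downloads plugin's own code): the shortcode, the
// session gate and the serving script, in plain PHP with no WordPress dependency.
// The catalogue, file name, secret and URL path are hypothetical.
declare(strict_types=1);

const SIGNING_SECRET = 'replace-with-a-random-secret';       // hypothetical; keep out of source in practice
const CATALOGUE = ['whitepaper' => 'whitepaper-2014.pdf'];   // opaque id => file inside the download dir

// Part 2: the gate. The session only records that an address was captured.
function has_provided_email(array $session): bool
{
    return !empty($session['ssd_email']);
}

function capture_email(array &$session, string $email): bool
{
    $clean = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($clean === false) {
        return false;                                  // reject junk instead of storing it
    }
    $session['ssd_email'] = $clean;
    return true;
}

// "Obfuscated URL": opaque id plus an HMAC over it, so the link is neither guessable nor editable.
function download_url(string $id): string
{
    $sig = hash_hmac('sha256', $id, SIGNING_SECRET);
    return '/ssd-download.php?id=' . rawurlencode($id) . '&sig=' . $sig;
}

// Part 1: the shortcode output. Everything echoed into HTML goes through htmlspecialchars.
function render_shortcode(array $session, string $id, string $title): string
{
    $safeTitle = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    if (!has_provided_email($session)) {
        return '<form method="post"><input type="email" name="ssd_email" required>'
             . '<button>Get ' . $safeTitle . '</button></form>';
    }
    return '<a href="' . htmlspecialchars(download_url($id), ENT_QUOTES, 'UTF-8') . '">'
         . $safeTitle . '</a>';
}

// Part 3: the serving script. Returns [status, headers, path] rather than emitting
// output, so the decision logic can be exercised in isolation.
function serve_download(array $session, array $query, string $downloadDir): array
{
    if (!has_provided_email($session)) {
        return [403, [], null];                        // the gate is re-checked here, not only in the page
    }
    $id  = (string) ($query['id'] ?? '');
    $sig = (string) ($query['sig'] ?? '');
    if (!hash_equals(hash_hmac('sha256', $id, SIGNING_SECRET), $sig)) {
        return [403, [], null];                        // tampered or guessed link
    }
    if (!isset(CATALOGUE[$id])) {
        return [404, [], null];                        // client input never names a path directly
    }
    $base = realpath($downloadDir);
    $path = realpath($downloadDir . DIRECTORY_SEPARATOR . CATALOGUE[$id]);
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return [404, [], null];                        // even a catalogue entry must resolve inside $base
    }
    $headers = [
        'Content-Type: application/octet-stream',
        'Content-Disposition: attachment; filename="' . basename($path) . '"',
        'Content-Length: ' . filesize($path),
        'X-Content-Type-Options: nosniff',
    ];
    return [200, $headers, $path];                     // caller emits $headers, then readfile($path)
}

// Command-line walk-through with a constructed file in a temporary download directory.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/ssd-demo-' . getmypid();
    mkdir($dir);
    file_put_contents($dir . '/whitepaper-2014.pdf', '%PDF-1.4 constructed sample');
    $session = [];                                     // stands in for $_SESSION

    echo render_shortcode($session, 'whitepaper', 'White <Paper>'), "\n";
    [$status] = serve_download($session, ['id' => 'whitepaper', 'sig' => ''], $dir);
    echo "before email: $status\n";

    capture_email($session, 'reader@example.com');
    echo render_shortcode($session, 'whitepaper', 'White <Paper>'), "\n";
    parse_str((string) parse_url(download_url('whitepaper'), PHP_URL_QUERY), $query);
    [$status, $headers, $path] = serve_download($session, $query, $dir);
    echo "after email: $status " . basename((string) $path) . "\n";

    $evil = '../../etc/passwd';                         // correctly signed, but not a catalogue id
    [$status] = serve_download($session, ['id' => $evil, 'sig' => hash_hmac('sha256', $evil, SIGNING_SECRET)], $dir);
    echo "id not in catalogue: $status\n";

    unlink($dir . '/whitepaper-2014.pdf');
    rmdir($dir);
}
```

Run it with php on the command line. The realpath check in serve_download is deliberately redundant with the catalogue lookup: if a future change lets an administrator enter arbitrary file paths into the catalogue, the directory confinement still holds, and a file placed outside the web root (as the plugin description allows) is served only through this script, never by a direct URL.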