Launchpad.net

CVE 2015-9463

The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

See the CVE page on Mitre.org for more details.