Ashiyane DST Discover WordPress Ibs-Mappro Vulnerability

Iranian security specialists Ashiyane Digital Security Team have discover vulnerability by member ACC3SS is:

WordPress ibs-mappro Plugin Arbitrary File Download Vulnerability

IBS Mappro is map creator editor view generator based on Google Maps API v3 is supports kml kmz gpx map files
Vulnerability: download.php script allows remote users to download files off server

Details is here: http://iedb.ir/exploits-3490.html