The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.Referenceshttps://packetstormsecurity.com/files/128186/
