exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.Referenceshttps://www.exploit-db.com/exploits/44417/https://wpvulndb.com/vulnerabilities/9056https://99robots.com/docs/wp-background-takeover-advertisements/
