Product: GD bbPress Attachments
Active installations: 10,000+
Product page: https://it.wordpress.org/plugins/gd-bbpress-attachments/
The variable `$error['file']` in /code/attachments/front.php (line 349) is output without escaping.
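As an added illustration (not the plugin's code: the function names, the contents of the `$error` array and the stand-in for WordPress's `esc_html()` are assumptions), this shows the unescaped-output pattern next to the escaped form that a fix of this kind applies:

```php
<?php
// Added illustration, not code from GD bbPress Attachments.
// Shows why echoing an error value such as $error['file'] without escaping
// lets markup characters from a user-supplied file name reach the page,
// and how escaping at the point of output prevents that.

// Stand-in for WordPress esc_html() so the script runs outside WordPress.
// Inside WordPress the real esc_html() is used instead.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable pattern: the file name originates from the upload request
// and is concatenated straight into HTML.
function render_error_unescaped(array $error): string {
    return '<div class="error">Upload failed: ' . $error['file'] . '</div>';
}

// Hardened pattern: escape at the point of output. For an attribute value
// (e.g. inside title="...") esc_attr() would be the matching WordPress call.
function render_error_escaped(array $error): string {
    return '<div class="error">Upload failed: ' . esc_html($error['file']) . '</div>';
}

// Returns true when the rendered HTML still contains a raw tag from the input.
function leaks_markup(string $html): bool {
    return strpos($html, '<b>') !== false;
}

// Constructed input: a file name carrying markup characters.
$error = ['file' => 'report<b>.pdf'];

$unsafe = render_error_unescaped($error);
$safe   = render_error_escaped($error);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;

// The unescaped rendering keeps the tag live; the escaped one turns it into text.
var_dump(leaks_markup($unsafe)); // true
var_dump(leaks_markup($safe));   // false
```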
PROOF OF CONCEPT
GD bbPress Attachments 2.5 is vulnerable, probably earlier versions too.
24/04/2018 – I sent the report
27/04/2018 – GD bbPress Attachments is updated to version 2.6 and the vulnerability is fixed
14/05/2018 – Public disclosure