Plugin Name: WeMail
File Version: 2.0.6
File Path: includes/Rest/Csv.php
Last Change: Revision 3359591, checked in by bdmeheidi, 5 months ago
File Size: 5.0 KB

Key Vulnerability Information:

Version Affected: 2.0.6

Potential Issues:
- Permission Checks: The method checks for API key and user email header to set the current user. If these checks are bypassed, unauthorized access might be possible.
- CSV Handling: The method uses to fetch a file by its ID. Improper validation or sanitization of the parameter could lead to Remote Code Execution (RCE) if an attacker can inject a malicious URL.
- Remote File Inclusion: The method does not appear to validate the file type or content, which could allow an attacker to include a remote file if the parameter is controlled.

Actions to Validate:
- Review the code to ensure proper validation and sanitization of input parameters.
- Test the method with different scenarios to ensure it correctly identifies and restricts unauthorized access.
- Validate the file handling to prevent Remote Code Execution or Remote File Inclusion vulnerabilities.