Title: [Plugin: Download Shortcode] Security issue Last modified: August 20, 2016 --- # [Plugin: Download Shortcode] Security issue * Resolved [Julio Potier](https://wordpress.org/support/users/juliobox/) * (@juliobox) * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/) * Hello * So, what happen if i do this : “[http://www.example.com/wp-content/plugins/download-shortcode/force-download.php?file=](http://www.example.com/wp-content/plugins/download-shortcode/force-download.php?file=)../../../ wp-config.php ? * … * Ok * Can you fix this asap and warn users ? Thank you * [http://wordpress.org/extend/plugins/download-shortcode/](http://wordpress.org/extend/plugins/download-shortcode/) Viewing 6 replies - 1 through 6 (of 6 total) * [bibo_m16](https://wordpress.org/support/users/bibo_m16/) * (@bibo_m16) * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/#post-2934653) * The force-download.php should be in the root folder. To the plugin creator: you might want to encrypt the file path (md5?) * Plugin Author [Drew Jaynes](https://wordpress.org/support/users/drewapicture/) * (@drewapicture) * [13 years, 7 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/#post-2934687) * This issue was addressed and (in my testing) handled in v0.2. * [WPSpeak](https://wordpress.org/support/users/devplus/) * (@devplus) * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/#post-2934697) * Is this issue has been fixed? Feel insecure to use this plugin * Plugin Author [Drew Jaynes](https://wordpress.org/support/users/drewapicture/) * (@drewapicture) * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/#post-2934698) * **Hi Devplus**, * Version 1.0 which was just released adds more robust security for protecting against things like directory traversal and unauthorized file access. It also introduced URL rewrites which have the ability to completely mask the endpoint. * [Kariko1975](https://wordpress.org/support/users/kariko1975/) * (@kariko1975) * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/#post-2934699) * Hi, please help, all did as you wrote, but jpg file opened in new window… [http://www.barior.com/?p=1715](http://www.barior.com/?p=1715) * Plugin Author [Drew Jaynes](https://wordpress.org/support/users/drewapicture/) * (@drewapicture) * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/#post-2934700) * Kariko1975: Please create your own topic so I can better help you solve your issue. Also, I’m receiving a 404 at the URL you supplied. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘[Plugin: Download Shortcode] Security issue’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/download-shortcode_f6f6f6.svg) * [Download Shortcode](https://wordpress.org/plugins/download-shortcode/) * [Frequently Asked Questions](https://wordpress.org/plugins/download-shortcode/#faq) * [Support Threads](https://wordpress.org/support/plugin/download-shortcode/) * [Active Topics](https://wordpress.org/support/plugin/download-shortcode/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/download-shortcode/unresolved/) * [Reviews](https://wordpress.org/support/plugin/download-shortcode/reviews/) * 6 replies * 5 participants * Last reply from: [Drew Jaynes](https://wordpress.org/support/users/drewapicture/) * Last activity: [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-download-shortcode-security-issue/#post-2934700) * Status: resolved