CVE-2015-9470

The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
Source: NIST
CVE-2015-9470