CVE-2015-9473

The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.
Source: NIST
CVE-2015-9473