Hey there, I’ve been trying to pass the skills assessment, and the question “Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download.” seems to be the hardest one for me for some reason. I have found 3 vulnerable plugins through WPScan using my token, but there is no ‘unauthenticated file download’ result on any of them. Can anyone point me in the direction of what file they want me to get?
My command for the scan was: wpscan --url blog.inlanefreight.loca --enumerate vp --api-token #####
Update: I found it, but had to go to exploit-db.com to find the exploit.