This issue is NOT with the file uploader javascript client. If any uploaded files are accessible without credentials, this is the fault of the developer who wrote the server-side code and did not take proper security precautions.
- Wordpress Valums Uploader - File Upload Vulnerability Vulnerability Lab
- Re: Wordpress Valums Uploader - File Upload Vulnera... fineuploader
