Description
WordPress Plugin Eventify-Simple Events is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Eventify-Simple Events version 1.7.g is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.h or latest
References
Related Vulnerabilities
WordPress Plugin Poll, Survey, Questionnaire and Voting system SQL Injection (1.2.4)
WordPress Plugin Count per Day 'notes.php' Cross-Site Scripting (3.2.3)
WordPress Plugin Debug Bar Multiple Unspecified Vulnerabilities (0.8.4)
WordPress Plugin Skysa App Bar Integration 'submit' Parameter Cross-Site Scripting (1.03)