Description
WordPress Plugin WP Post Popup is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Post Popup version 2.1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.1.2 or latest
References
Related Vulnerabilities
WordPress Plugin Ultimate Membership Pro Security Bypass (8.6)
Dolphin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4333)
WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (6.1.5)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.19)
WordPress Plugin WP Mail Logging Cross-Site Scripting (1.11.1)