Summary
This host is installed with WordPress Zingiri Web Shop Plugin and is prone to remote file inclusion vulnerability.
Impact
Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to WordPress Zingiri Web Shop Plugin Version 2.2.1 or later.
For updates refer to http://wordpress.org/extend/plugins/zingiri-web-shop/download/
Insight
The flaw is due to improper validation of user-supplied input passed via 'wpabspath' parameter to /wp-content/plugins/zingiri-web-shop/fws/ajax/ init.inc.php, which allows attackers to read arbitrary files via a ../(dot dot) sequences.
Affected
WordPress Zingiri Web Shop Plugin Version 2.2.0
References
Updated on 2015-03-25