Description
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
Remediation
References
Related Vulnerabilities
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.7)
Apache Tomcat Improper Input Validation Vulnerability (CVE-2012-3544)
WordPress Plugin SE HTML5 Album Audio Player Directory Traversal (1.1.0)
WordPress Plugin Custom css-js-php Cross-Site Request Forgery (2.0.7)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (5.5)