Description
WordPress Plugin ExS Widgets is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin ExS Widgets version 0.3.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.3.2 or latest
References
Related Vulnerabilities
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.8)
Oracle Database Server CVE-2015-2585 Vulnerability (CVE-2015-2585)
Oracle Database Server CVE-2009-3410 Vulnerability (CVE-2009-3410)
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.6.9.1)
WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)