Description
WordPress Plugin File Manager Advanced Shortcode is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin File Manager Advanced Shortcode version 2.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.4.1 or latest
References
Related Vulnerabilities
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5731)
MySQL Insufficiently Protected Credentials Vulnerability (CVE-2012-5627)
WordPress Plugin Advanced Custom Fields:Table Field Cross-Site Scripting (1.1.12)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7833)