Description
WordPress Plugin Fusion Engage is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application; this may aid in further attacks. WordPress Plugin Fusion Engage version 1.0.5 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
http://seclists.org/fulldisclosure/2015/Apr/27
http://packetstormsecurity.com/files/131379/WordPress-Fusion-Engage-Local-File-Disclosure.html
Related Vulnerabilities
Ruby Improper Input Validation Vulnerability (CVE-2008-3657)
WordPress Plugin Simple Share Buttons Adder Multiple Vulnerabilities (4.4)
WordPress 6.2.x Multiple Vulnerabilities (6.2 - 6.2.2)
WordPress Plugin Car Rental by BestWebSoft Cross-Site Scripting (1.0.4)
Jboss EAP XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2018-1000632)