Description
WordPress Plugin Insert Pages is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Insert Pages version 3.2.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.4 or latest
References
https://wordpress.org/support/topic/insert-pages-has-been-removed-from-wordpress-org/
https://plugins.svn.wordpress.org/insert-pages/trunk/readme.txt
Related Vulnerabilities
Werkzeug WSGI CVE-2023-23934 Vulnerability (CVE-2023-23934)
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.2)
WordPress Plugin Responsive Lightbox by dFactory Cross-Site Scripting (1.7.1)
CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.1)