Description
WordPress Plugin Mailing List is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Mailing List version 1.3.3 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.3.4 or latest
References
http://www.securityfocus.com/bid/49691/exploit
http://www.exploit-db.com/exploits/17866/
http://packetstormsecurity.com/files/view/105236/wpmailinglist-rfi.txt
Related Vulnerabilities
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)
PHP Numeric Errors Vulnerability (CVE-2014-3587)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000355)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)