Description
WordPress Plugin WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing version 1.1.1 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17)
MySQL CVE-2024-21051 Vulnerability (CVE-2024-21051)
e107 Deserialization of Untrusted Data Vulnerability (CVE-2016-10753)
WordPress Plugin WP Simple Cart Arbitrary File Upload (1.0.15)