Description
WordPress Plugin CIP4 Folder Download Widget is prone to a local file inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin CIP4 Folder Download Widget version 1.10 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified, or disable the plugin until a fix is available.
Related Vulnerabilities
WordPress Plugin WordPress.com Custom CSS Cross-Site Scripting (1.5)
WordPress Plugin Filtre de Surveillance Gouvernemental Cross-Site Scripting (1.1)
WordPress Plugin Adsense Extreme 'adsensextreme[lang]' Parameter Remote File Include (1.0.3)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12529)