Description
WordPress Plugin cloudsafe365_for_WP is prone to a file disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the web server process; this may aid in launching further attacks. WordPress Plugin cloudsafe365_for_WP version 1.46 is vulnerable.
Remediation
Update to plugin version 1.47 or latest
References
http://www.securityfocus.com/bid/55241/exploit
http://packetstormsecurity.com/files/115972/WordPress-Cloudsafe365-Local-File-Inclusion.html
Related Vulnerabilities
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)
Dolibarr Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-25957)
MySQL CVE-2017-3638 Vulnerability (CVE-2017-3638)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13663)
WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)