Description
WordPress Plugin cloudsafe365_for_WP is prone to a file disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the web server process; this may aid in launching further attacks. WordPress Plugin cloudsafe365_for_WP version 1.46 is vulnerable.
Remediation
Update to plugin version 1.47 or latest
References
http://www.securityfocus.com/bid/55241/exploit
http://packetstormsecurity.com/files/115972/WordPress-Cloudsafe365-Local-File-Inclusion.html
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.24.0)
WordPress Plugin Share on Diaspora Cross-Site Scripting (0.7.1)
WordPress Plugin Rockhoist Badges Cross-Site Scripting (1.2.2)
WordPress Plugin Google XML Sitemap for Videos Cross-Site Request Forgery (2.6.1)
WordPress Plugin CM Pop-Up banners for WordPress Cross-Site Scripting (1.4.10)