Description
WordPress Plugin DM Albums is prone to a remote file inclusion vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin DM Albums version 1.9.2 is vulnerable; prior versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/35521/exploit
http://www.exploit-db.com/exploits/9043/
http://packetstormsecurity.com/files/view/78744/dmalbums-rfi.txt
Related Vulnerabilities
WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1)
WordPress Plugin Co-Authors Plus Multiple Unspecified Vulnerabilities (3.1.2)
WordPress Plugin Really Easy Slider TimThumb Arbitrary File Upload (0.1)
WordPress Plugin Carousel slideshow Arbitrary File Upload (3.11)
WordPress Plugin SG Optimizer Multiple Vulnerabilities (3.3.5)