Description
WordPress Plugin ExS Widgets is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin ExS Widgets version 0.3.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.3.2 or latest
References
Related Vulnerabilities
IBM WebSEAL Other Vulnerability (CVE-2023-30998)
Oracle Database Server CVE-2007-2115 Vulnerability (CVE-2007-2115)
WordPress Plugin HDW WordPress Video Gallery Multiple Cross-Site Scripting Vulnerabilities (1.2)
WordPress Plugin Custom Dashboard & Login Page-AGCA Multiple Unspecified Vulnerabilities (1.5.4.2)