Description
WordPress Plugin GraceMedia Media Player is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin GraceMedia Media Player version 1.0 is vulnerable.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-17671)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2008-7248)
WordPress Plugin Survey Maker-Best WordPress Survey Cross-Site Scripting (2.0.6)
WordPress Plugin XML Sitemap & Google News feeds Cross-Site Scripting (3.9)