Description
WordPress Plugin Insert Pages is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Insert Pages version 3.2.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2.4 or latest
References
https://wordpress.org/support/topic/insert-pages-has-been-removed-from-wordpress-org/
https://plugins.svn.wordpress.org/insert-pages/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP SVG Icons Cross-Site Request Forgery (3.2.1)
WordPress Plugin WP Custom Admin Login Page Logo Unspecified Vulnerability (1.4.1)
WordPress Plugin Thrive Architect Security Bypass (2.6.7.3)
WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.5)
WordPress 3.0.3 KSES Library Cross-Site Scripting Vulnerability (0.6.2 - 3.0.3)