Description
WordPress Plugin Landing Page Builder-Drag and drop Page Creator, Page Designer, and Coming Soon Pages is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Landing Page Builder-Drag and drop Page Creator, Page Designer, and Coming Soon Pages version 1.4.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.4 or latest
References
Related Vulnerabilities
Drupal Core 8.x Security Bypass (8.0.0 - 8.1.2)
WordPress Plugin AffiliateWP SQL Injection (1.5.6)
WordPress Plugin Simple Events Calendar SQL Injection (1.3.5)
WordPress Plugin smart Archive Page Remove Unspecified Vulnerability (3)
WordPress Plugin Rezgo Online Booking Cross-Site Scripting (1.8.6)