Description
WordPress Plugin LiveSig is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin LiveSig version 0.4 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available
References
http://www.exploit-db.com/exploits/17864/
http://packetstormsecurity.com/files/view/105223/wplivesig-rfi.txt
Related Vulnerabilities
WordPress Plugin LinkedIn by BestWebSoft Cross-Site Scripting (1.0.4)
WordPress Plugin WP Payeezy Pay Local File Inclusion (2.97)
Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21656)
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)
WordPress Plugin Page Builder by SiteOrigin Cross-Site Request Forgery (2.10.15)