Description
WordPress Plugin Photocart Link is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Photocart Link version 1.6 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References
https://www.exploit-db.com/exploits/39623/
https://packetstormsecurity.com/files/136448/WordPress-Photocart-Link-1.6-Local-File-Inclusion.html
Related Vulnerabilities
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.2)
WordPress Cryptographic Issues Vulnerability (CVE-2014-9037)
WordPress Plugin Profile Builder Pro Security Bypass (3.1.0)
WordPress Plugin Skysa App Bar Integration 'submit' Parameter Cross-Site Scripting (1.03)