Description
WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/26743/exploit
http://www.exploit-db.com/exploits/4695/
http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt
Related Vulnerabilities
WordPress Plugin Keyword Meta Cross-Site Request Forgery (3.0)
WordPress Plugin Nmedia WordPress Member Conversation 'doupload.php' Arbitrary File Upload (1.3)
WordPress Plugin ARPrice-Responsive Pricing Table Cross-Site Request Forgery (2.3)
WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking SQL Injection (1.6.7)
WordPress Plugin Crafty Social Buttons Cross-Site Scripting (1.5.6)