Description
WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/26743/exploit
http://www.exploit-db.com/exploits/4695/
http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt
Related Vulnerabilities
WordPress Plugin Grid Gallery-Photo Image Grid Gallery Cross-Site Scripting (1.2.4)
WordPress Plugin WolfNet IDX for WordPress Multiple Unspecified Vulnerabilities (1.14.7)
Plone CMS Other Vulnerability (CVE-2006-1711)
Drupal Core 9.2.x Cross-Site Scripting (9.2.0 - 9.2.3)
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-7226)