Description
WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/26743/exploit
http://www.exploit-db.com/exploits/4695/
http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt
Related Vulnerabilities
WordPress Plugin Skype Legacy Buttons Multiple Vulnerabilities (3.0.4)
WordPress Plugin Audio 'showfile' Parameter Cross-Site Scripting (0.5.1)
WordPress Plugin Chained Quiz Cross-Site Scripting (1.1.8.1)
WordPress 2.8.1 Comment Author URI Cross-Site Scripting Vulnerability (0.6.2 - 2.8.1)
WordPress Plugin ND Shortcodes For Visual Composer Security Bypass (5.8)