Description
WordPress Plugin Posts in Page is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Posts in Page version 1.2.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.0 or latest
References
Related Vulnerabilities
ownCloud Improper Access Control Vulnerability (CVE-2016-9460)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4448)
WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (3.6.7)
WordPress Plugin Contact Form 7 Redirect & Thank You Page Cross-Site Request Forgery (1.0.3)