• WordPress Plugin Really Simple Guest Post is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Really Simple Guest Post version 1.0.6 is vulnerable; prior versions are also affected.

• Update to plugin version 1.0.7 or latest

• • https://www.exploit-db.com/exploits/37209/

• 

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• Missing Update File Inclusion

• WordPress Plugin User Domain Whitelist Multiple Vulnerabilities (1.4)
• WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.2.6)
• WordPress Plugin Advanced Custom Fields Cross-Site Scripting (4.4.3)
• WordPress Plugin WP Smart Image II Cross-Site Scripting (0.2)
• WordPress Plugin Chamber Dashboard Member Manager Cross-Site Scripting (2.0.5)