Description
WordPress Plugin Service Finder-Provider and Business Listing is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability could allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application; this may aid in further attacks. WordPress Plugin Service Finder-Provider and Business Listing version 3.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.2 or latest
References
Related Vulnerabilities
WordPress Plugin Profile Builder-User Profile & User Registration Forms Security Bypass (3.1.0)
WordPress Plugin CMS Tree Page View Cross-Site Scripting (1.2.31)
WordPress Plugin Weather for us-animated weather widget Crypto Mining (1.8)
WordPress Plugin Royal Gallery Cross-Site Scripting (2.3)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.9.7)