Description
WordPress Plugin Simple Fields is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Simple Fields version 0.3.5 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 0.3.6 or latest
References
https://www.exploit-db.com/exploits/44425/
https://plugins.svn.wordpress.org/simple-fields/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Google Authenticator Unspecified Vulnerability (0.47)
WordPress Plugin IgnitionDeck Security Bypass (1.1.6)
WordPress 4.9.x Cross-Site Request Forgery (4.9 - 4.9.9)
WordPress 5.0 Multiple Vulnerabilities (5.0 - 5.0)
WordPress Plugin Email Subscribers & Newsletters Cross-Site Scripting (4.1.6)