WordPress Plugin Spicy Blogroll Local File Include (1.0.0)

Description
  • WordPress Plugin Spicy Blogroll is prone to a local file include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process; this may aid in launching further attacks. WordPress Plugin Spicy Blogroll version 1.0.0 is vulnerable; other versions may also be affected.
Remediation
  • Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available
References