Description
WordPress Plugin Theme Tuner is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Theme Tuner version 0.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.8 or latest
References
Related Vulnerabilities
WordPress Plugin IP Geo Block Security Bypass (2.2.2)
WordPress Plugin Wordpress Forms Multiple Vulnerabilities (0.2.7.1)
WordPress 4.2.x Prototype Pollution (4.2 - 4.2.31)
WordPress Plugin Radio Buttons for Taxonomies Cross-Site Request Forgery (2.0.5)
WordPress Plugin Kimili Flash Embed Unspecified Vulnerability (2.2.1)