Description
WordPress Plugin Visual Composer:Page Builder for WordPress is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Visual Composer:Page Builder for WordPress version 5.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.1.1 or latest
References
http://wphutte.com/visual-composer-v5-1-local-php-file-include/
https://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
Related Vulnerabilities
WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking SQL Injection (1.6.7)
PHP Improper Input Validation Vulnerability (CVE-2007-3799)
WordPress Plugin BuddyBoss Wall Cross-Site Scripting (1.1.7)
WordPress 4.9.x Multiple Vulnerabilities (4.9)
Oracle Database Server CVE-2014-6541 Vulnerability (CVE-2014-6541)