Description
WordPress Plugin Visual Composer:Page Builder for WordPress is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Visual Composer:Page Builder for WordPress version 5.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.1.1 or latest
References
http://wphutte.com/visual-composer-v5-1-local-php-file-include/
https://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
Related Vulnerabilities
Oracle JRE CVE-2012-4681 Vulnerability (CVE-2012-4681)
Python Improper Privilege Management Vulnerability (CVE-2020-29396)
WordPress Plugin Request a Quote Cross-Site Scripting (2.3.4)
WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Scripting (2.70)
Jenkins Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-2612)