Description
WordPress Plugin WP Custom Pages is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability may allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. WordPress Plugin WP Custom Pages versions 0.5.0.1 and prior are vulnerable.
Remediation
Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available
References
http://www.securityfocus.com/bid/47146/exploit
http://www.exploit-db.com/exploits/17119/
http://packetstormsecurity.com/files/view/100047/WordPressWPCustomPages0.5.0.1-lfi.txt
Related Vulnerabilities
WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.6.5)
WordPress Plugin WPBakery Page Builder Clipboard Security Bypass (4.5.7)
Oracle JRE CVE-2014-0456 Vulnerability (CVE-2014-0456)
WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.0.2)
WordPress Plugin WordPress Poll Multiple Unspecified Vulnerabilities (35.0)