WordPress Plugin WP-Lytebox 'pg' Parameter Local File Inclusion (1.3)

Description
  • WordPress Plugin WP-Lytebox is prone to a vulnerability which can be exploited by malicious people to disclose sensitive information. Input passed to the "pg" parameter in wp-lytebox/main.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. WordPress Plugin WP-Lytebox version 1.3 is vulnerable; other versions may also be affected.
Remediation
  • Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
References