Description
WordPress Plugin WPS Child Theme Generator is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WPS Child Theme Generator version 1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2 or latest
References
https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/
https://plugins.svn.wordpress.org/wps-child-theme-generator/trunk/readme.txt
Related Vulnerabilities
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.0.2)
WordPress Plugin RocketTheme RokBox Multiple Vulnerabilities (2.13)
WordPress Plugin WooCommerce Cart Expiration PHP Object Injection (0.1.0)
WordPress Plugin Store Locator Plus for WordPress Privilege Escalation (5.5.14)