Description
WordPress Plugin WPS Child Theme Generator is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WPS Child Theme Generator version 1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2 or latest
References
https://secupress.me/blog/wps-child-theme-generator-v1-1-multiples-vulnerabilities/
https://plugins.svn.wordpress.org/wps-child-theme-generator/trunk/readme.txt
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7449)
WordPress Plugin Knews Multilingual Newsletters 'ff' Parameter Cross-Site Scripting (1.1.0)
WordPress Plugin Ultimate Instagram Feed Unspecified Vulnerability (1.3)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2020-13935)
e107 Inadequate Encryption Strength Vulnerability (CVE-2021-27885)