Description
WordPress Plugin PictPress is prone to multiple local file include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. WordPress Plugin PictPress version 0.91 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
http://www.securityfocus.com/bid/26743/exploit
http://www.exploit-db.com/exploits/4695/
http://packetstormsecurity.com/files/view/61555/wppict-disclose.txt
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)
WordPress Plugin Import any XML or CSV File to WordPress Multiple Vulnerabilities (3.2.4)
WordPress Plugin Import and export users and customers Multiple Vulnerabilities (1.9.4.6)
Internet Information Services Other Vulnerability (CVE-2002-0150)