Description
WordPress Plugin Visual Composer:Page Builder for WordPress is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Visual Composer:Page Builder for WordPress version 5.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.1.1 or latest
References
http://wphutte.com/visual-composer-v5-1-local-php-file-include/
https://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
Related Vulnerabilities
WebLogic CVE-2021-2142 Vulnerability (CVE-2021-2142)
WordPress Plugin MP3-jPlayer Multiple Cross-Site Scripting Vulnerabilities (1.8.7)
WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (2.0.2)
MySQL CVE-2016-0642 Vulnerability (CVE-2016-0642)
WordPress Plugin Disable Comments Cross-Site Request Forgery (1.0.3)