CNVD-2022-76220
China National Vulnerability Database
History: Apr 27, 2022 - 12:00 a.m.

WordPress plugin Web To Print Shop : uDraw arbitrary file reading vulnerability

2022-04-27 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
Tags: wordpress, web to print shop, arbitrary file reading, vulnerability, udraw, php, unauthenticated users, ajax operation, base64, file validation

EPSS

0.007

Percentile

79.6%

WordPress and the WordPress plugin ecosystem are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; a WordPress plugin is an application extension for it. An arbitrary file reading vulnerability exists in the WordPress plugin Web To Print Shop: uDraw in versions prior to 3.3.3. It stems from the plugin's failure to validate the url parameter in its uDraw_convert_url_To_base64 AJAX operation (available to both unauthenticated and authenticated users) before passing it to the file_get_contents function and returning the content base64-encoded in the response. An attacker could exploit this vulnerability to read arbitrary files on the web server (e.g. /etc/passwd, wp-config.php).
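As an added illustration, not the plugin's own code, the unvalidated pattern the advisory describes is shown beside a hardened handler; the function names, the 'udraw_convert' nonce action, the 'udraw_allowed_hosts' option and the 'upload_files' capability are assumptions chosen for this example.

```php
<?php
// Added example, not the uDraw plugin's own code. Function, nonce,
// option and capability names are assumptions for illustration.

// Vulnerable pattern described in the advisory: the raw 'url' request
// parameter reaches file_get_contents(), so local paths such as
// /etc/passwd or wp-config.php are read and returned base64-encoded,
// and the nopriv hook exposes it to unauthenticated requests.
function udraw_convert_url_to_base64_vulnerable() {
    $url  = $_POST['url'];
    $data = file_get_contents( $url );
    wp_send_json_success( base64_encode( $data ) );
}

// Hardened handler: requires a logged-in user with a capability and a
// nonce, accepts only http(s) URLs on an allow-listed host, and fetches
// through the WordPress HTTP API rather than file_get_contents().
function udraw_convert_url_to_base64_hardened() {
    check_ajax_referer( 'udraw_convert', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $url   = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    $parts = wp_parse_url( $url );
    if ( empty( $parts['scheme'] ) || ! in_array( $parts['scheme'], array( 'http', 'https' ), true ) ) {
        wp_send_json_error( 'scheme not allowed', 400 );
    }
    // Assumed option listing the hosts the shop is allowed to fetch from.
    $allowed_hosts = (array) get_option( 'udraw_allowed_hosts', array() );
    if ( empty( $parts['host'] ) || ! in_array( strtolower( $parts['host'] ), $allowed_hosts, true ) ) {
        wp_send_json_error( 'host not allowed', 400 );
    }
    $response = wp_safe_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'fetch failed', 502 );
    }
    wp_send_json_success( base64_encode( wp_remote_retrieve_body( $response ) ) );
}

// Register only the authenticated hook; no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_udraw_convert_url_to_base64', 'udraw_convert_url_to_base64_hardened' );
```

wp_safe_remote_get() additionally rejects URLs that resolve to local or private addresses, which file_get_contents() never does.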