CVE-2017-18586

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.