seebug | Root | SSV:72139
History: Jul 01, 2014 - 12:00 a.m.

WordPress Relocate Upload Plugin 0.14 Remote File Inclusion

2014-07-01 00:00:00
Root
www.seebug.org

At line 16 of relocate-upload.php, the abspath value passed in by the caller is not filtered, which leads to arbitrary local and remote file inclusion.

if (isset($_GET['ru_folder']))
{	// WP setup and function access
	define('WP_USE_THEMES', false);
	require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter
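
A hardened form of the same bootstrap step, as an added example that is not the plugin's own code or an official patch: the path to wp-load.php is derived from the file's own location, so no request data reaches require_once. The helper name ru_find_wp_load and the depth limit are hypothetical, and the example assumes the plugin file sits inside the WordPress directory tree (the default wp-content/plugins layout).

```php
<?php
// Added example (not the plugin's code): locate wp-load.php from this
// file's own location instead of trusting $_GET['abspath'].

/**
 * Hypothetical helper: walk up from $startDir until a directory that
 * contains wp-load.php is found. Only canonical local paths are tried,
 * so stream wrappers (http://, php://, ...) can never be included.
 */
function ru_find_wp_load(string $startDir, int $maxDepth = 6): ?string
{
    $dir = realpath($startDir);            // canonical local path, or false
    for ($i = 0; $dir !== false && $i <= $maxDepth; $i++) {
        $candidate = $dir . DIRECTORY_SEPARATOR . 'wp-load.php';
        if (is_file($candidate)) {
            return $candidate;
        }
        $parent = dirname($dir);
        if ($parent === $dir) {            // reached the filesystem root
            break;
        }
        $dir = $parent;
    }
    return null;                           // not inside a WordPress tree
}

if (isset($_GET['ru_folder'])) {
    // WP setup and function access
    define('WP_USE_THEMES', false);

    $wpLoad = ru_find_wp_load(__DIR__);    // assumption: default plugin layout
    if ($wpLoad === null) {
        http_response_code(500);
        exit('WordPress bootstrap file not found');
    }
    require_once $wpLoad;                  // path contains no request data
}
```

The abspath parameter is simply ignored here; this covers only the inclusion path and does not add the authentication or capability checks the rest of the handler would still need.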