EPSS Percentile: 53.4%
The plugin does not validate a shortcode attribute before using it to include a template file, allowing users with an editor role or above to include arbitrary files readable by the web server and, in the case of PHP files, execute them.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/blog-in-blog/blog-in-blog-111-authenticated-editor-local-file-inclusion-via-shortcode