WordPress WP With Spritz plugin 1.0 - File Inclusion vulnerability
WP with Spritz
File Inclusion vulnerability found by Wadeek in WordPress WP With Spritz plugin (version 1.0).
29.04.2018 - no solution found, according to WordPress.org plugin repository the last update made three years ago.
Attention! This vulnerability discoverable by Google Dork: intitle:("Spritz Login Success") AND inurl:("wp-with-spritz/wp.spritz.login.success.html"). The plugin is dangerous, deactivate and uninstall.
Type Local File Inclusion OWASP Top 10 A4: Insecure Direct Object References