Unknown · Woocommerce · CVE-2026-1988
**Name of the Vulnerable Software and Affected Versions**
Flexi Product Slider and Grid for WooCommerce plugin for WordPress versions up to and including 1.0.5
**Description**
The software contains a Local File Inclusion issue due to insufficient sanitization or validation of the `theme` parameter within the `flexipsg carousel` shortcode. This allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary PHP files on the server by manipulating the `theme` parameter when creating posts with shortcodes. The vulnerability is a result of directly concatenating the `theme` parameter into a file path without proper security checks, enabling directory traversal.
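The fix pattern for this class of bug, as an added example (not the plugin's code): a resolver that treats the shortcode `theme` attribute as untrusted, checks it against an allowlist, and confirms the canonical path stays inside the template directory. The function name, theme names and directory layout are hypothetical, and the demo directory is constructed.

```php
<?php
// Added example: function name, theme list and paths are hypothetical, not the plugin's own.

// Pattern described in the advisory (unsafe): the attribute goes straight into the path.
//   include $base . '/' . $atts['theme'] . '.php';

/**
 * Resolve a shortcode "theme" attribute to a template file inside $baseDir.
 * Returns the absolute path, or null if the value is not an allowed theme.
 */
function resolve_theme_template(string $baseDir, $theme, array $allowed): ?string
{
    // 1. Type and character check: a short slug only, no separators, dots or NUL bytes.
    if (!is_string($theme) || !preg_match('/\A[a-z0-9_-]{1,32}\z/', $theme)) {
        return null;
    }
    // 2. Allowlist: the value must name a template the plugin actually ships.
    if (!in_array($theme, $allowed, true)) {
        return null;
    }
    // 3. Containment: canonicalize both paths and confirm the file is under the base
    //    directory (covers symlinks and any later loosening of the checks above).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $theme . '.php');
    if ($base === false || $path === false) {
        return null; // directory or template file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary template directory containing one template.
$dir = sys_get_temp_dir() . '/tpl-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/default.php', "<?php // template\n");
$allowed = ['default', 'modern'];

// Constructed inputs: valid, allowed but missing on disk, traversal, extension, non-string.
foreach (['default', 'modern', '../default', 'default.php', ['x']] as $input) {
    $resolved = resolve_theme_template($dir, $input, $allowed);
    printf("%-14s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'accepted');
}
unlink($dir . '/default.php');
rmdir($dir);
```

Only `default` is accepted; a caller would fall back to a fixed default template whenever the resolver returns `null` instead of passing the raw attribute to `include`.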
**Recommendations**
Versions prior to and including 1.0.5 should be updated.