CVE-2018-25329

Name of the Vulnerable Software and Affected Versions WP with Spritz version 1.0

Description An issue in the WP with Spritz plugin allows unauthenticated attackers to read arbitrary files. This is achieved by injecting file paths into the url parameter via GET requests sent to the 'wp.spritz.content.filter.php' endpoint. This can lead to the exposure of sensitive information, such as system configurations and credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.