The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the “cfg” parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
Reference (s):
- FULLDISC:20190319 Re: WordPress Plugin GraceMedia Media Player 1.0 – Local File Inclusion
- URL: http://seclists.org/fulldisclosure/2019/Mar/32
- FULLDISC:20190319 WordPress Plugin GraceMedia Media Player 1.0 – Local File Inclusion
- URL: http://seclists.org/fulldisclosure/2019/Mar/26
- https://wordpress.org/plugins/gracemedia-media-player/#developers