Input validation vulnerability in News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) 3.4.1

The News & Blog Designer Pack – WordPress Blog Plugin is a plugin for WordPress websites that allows users to design their blog posts. Unfortunately, it has been discovered that all versions of the plugin up to and including 3.4.1 contain a vulnerability that allows unauthorised attackers to run code on the WordPress website. This vulnerability is known as Remote Code Execution via Local File Inclusion. It is caused by the plugin not filtering the input it receives from attackers, meaning that attackers can include malicious files. On certain WordPress configurations, this can allow attackers to gain full control of the website.