The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.Referenceshttps://wordpress.org/plugins/posts-in-page/#developershttps://www.pluginvulnerabilities.com/2017/02/13/authenticated-local-file-inclusion-lfi-vulnerability-in-posts-in-page/
