WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin WP Image Zoom has a file inclusion vulnerability in versions prior to 1.47. The vulnerability stems from not validating its tab parameter before using it in the include once() function, leading to a local file inclusion issue in the admin dashboard. An attacker could use this vulnerability to obtain the inclusion of local files to obtain sensitive information, etc.