WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cost Calculator plugin version 1.4 and earlier contains a path traversal vulnerability that stems from the failure of a web system or product to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to allow users with roles as low as Contributor to perform path traversal on Windows Web servers via layouts published by Cost Calculator.