WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The WordPress Button Generator Plugin has a file inclusion vulnerability prior to 2.3.3. The vulnerability stems from the fact that the plugin does not effectively filter calls to remote file resources in the wowcompany admin menu page, which can be exploited to include arbitrary files with PHP extensions to execute arbitrary code.