WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress plugin Custom Content Shortcode versions prior to 4.0.2 are vulnerable to an access control error, which stems from the plugin’s failure to validate data passed to it to load the shortcode. An attacker could exploit this vulnerability to allow Contributor (v<4.0.1) or Admin (v<4.0.2) users to display arbitrary files (e.g. logs, .htaccess, etc.) on the file system and perform local file inclusion attacks when executing PHP files.