Authenticated Local File Inclusion (LFI) vulnerability discovered by 0xB9 (Patchstack Alliance) in WordPress Hover Effects plugin (versions <= 2.1).
Update the WordPress Hover Effects plugin to the latest available version (at least 2.1.1).