The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows web servers via the Cost Calculator post's Layout.
As a contributor, create a Cost Calculator post, set the Layout to /…/…/…/…/…/…/…/…/…/…/file (assuming the file to include is at C:\xampp\file.php and WordPress is installed at C:\xampp\htdocs\wordpress). Save as draft, then embed the calculator using the related shortcode (e.g. [nd_cost_calculator id="806"]) and preview the post to trigger the LFI.
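The root cause described above is a user-controlled Layout value being turned into a file path. The following is an added example of the defensive pattern, not the plugin's code; the function name, the templates directory and the sample layout names are assumptions. It treats the Layout as an identifier and canonicalizes the path before anything is included, which on Windows also covers backslash separators.

```php
<?php
// Added example (not the plugin's code): resolve a user-controlled "layout" value
// to a template file without allowing traversal. Names and paths are assumptions.

function resolve_layout_template( string $templates_dir, string $layout ): ?string {
    // A layout is an identifier, never a path: reject anything outside [A-Za-z0-9_-].
    // This alone stops "../", "..\" and similar values regardless of the host OS.
    if ( ! preg_match( '/\A[A-Za-z0-9_-]{1,64}\z/', $layout ) ) {
        return null;
    }
    $base      = realpath( $templates_dir );
    $candidate = realpath( $templates_dir . DIRECTORY_SEPARATOR . $layout . '.php' );
    if ( $base === false || $candidate === false ) {
        return null; // templates directory or template file does not exist
    }
    // Defense in depth: the canonical path must still sit inside the templates directory.
    // realpath() normalizes both "/" and "\" separators, which matters on Windows hosts.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ( strncmp( $candidate, $prefix, strlen( $prefix ) ) !== 0 ) {
        return null;
    }
    return $candidate;
}

// Self-contained demo on a constructed temporary templates directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'calc_layouts_' . uniqid();
mkdir( $dir );
file_put_contents( $dir . DIRECTORY_SEPARATOR . 'default.php', "<?php echo 'default layout';\n" );

$cases = array(
    'default'         => true,   // legitimate layout name
    '../../file'      => false,  // forward-slash traversal
    '..\\..\\file'    => false,  // Windows backslash traversal
    'default.php'     => false,  // extension smuggling
    'missing'         => false,  // valid name, but no such template on disk
);
foreach ( $cases as $layout => $expect_ok ) {
    $resolved = resolve_layout_template( $dir, $layout );
    printf( "%-16s => %s\n", var_export( $layout, true ), $resolved === null ? 'rejected' : 'ok' );
    assert( ( $resolved !== null ) === $expect_ok );
}
unlink( $dir . DIRECTORY_SEPARATOR . 'default.php' );
rmdir( $dir );
```

Applying the same check when the post is saved (Contributors can author drafts, so the stored value is attacker-controlled) as well as at render time means a malformed Layout is never persisted or included.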