Description
WordPress Plugin SG Optimizer is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin SG Optimizer version 5.0.12 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.0.13 or latest
References
https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-optimizer-caldera-forms.html
https://plugins.svn.wordpress.org/sg-cachepress/trunk/readme.txt
Related Vulnerabilities
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9634)
WordPress Plugin PWA for WP & AMP Security Bypass (1.7.32)
WordPress Other Vulnerability (CVE-2006-2667)
MySQL CVE-2013-1511 Vulnerability (CVE-2013-1511)
WordPress Plugin Browser and Operating System Finder Cross-Site Request Forgery (1.1)