Product
The WordPress WP with Spritz plugin version 1.0 is vulnerable to remote file inclusion (RFI), allowing unauthenticated attackers to read arbitrary files by injecting file paths into the `url` parameter of the `wp.spritz.content.filter.php` endpoint, potentially exposing sensitive system configuration and credentials.