In certain versions of the DM FileManager Wordpress Plugin, the security_file parameter does not correctly check the source of a file before including it, leading to a remote file inclusion vulnerability that can be leveraged to gain remote code execution.
41fbdd0b4c17113fac05e11bebc41175e9551ce9772141ef01a6e7e1db1f5db0