Path traversal in the popup-more WordPress plugin.
Vulnerable file location : /popup-more/classes/Ajax.php
Link : https://wordpress.org/plugins/popup-more/#description
Version : - < 2.2.0
Parameter: formKey
Status: patched
https://github.com/advisories/GHSA-wxfh-8hrr-vfjw
require_once YPM_POPUP_CLASSES.'form/'.esc_attr($key).'Form.php';