Launchpad.net

CVE 2016-10960

The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.

See the CVE page on Mitre.org for more details.