WordPress Plugin WP-Lytebox pg Parameter Local File Inclusion - CVE-2009-4672

WordPress Plugin WP-Lytebox is prone to a vulnerability which can be exploited by malicious people to disclose sensitive information. Input passed to the pg parameter in wp-lytebox/main.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. WordPress Plugin WP-Lytebox version 1.3 is vulnerable other versions may also be affected.