While we were attempting to test to see if the WordPress plugin Transposh Translation Filter was susceptible to another vulnerability, we stumbled across an authenticated local file inclusion vulnerability in the plugin, which can also be exploited through cross-site request forgery (CSRF).

What led to that, was this comment on support forum topic for the plugin: [Read more]