CVE-2015-9480

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.