description:WordPress Responsive Vector Maps < 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter
in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.