WordPress plugin is flawed

A critical flaw was found in the Theme Tuner plugin for WordPress. The vulnerability allows an attacker to compromise the underlying system. The flaw is caused by improper verification of input data passed to the "tt-abspath" parameter in wp-content/plugins/theme-tuner/ajax/savetag.php. The data is then used to include files, so the vulnerability can be exploited to include arbitrary files from local or external resources (local and remote file inclusion).
The flaw was found in version 0.7. Users should upgrade to version 0.8.
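As an added illustration (not the Theme Tuner plugin's code), the snippet below contrasts the kind of pattern the advisory describes, a request parameter flowing into an include, with the way a WordPress AJAX handler avoids needing a path from the request at all; the parameter name "tt-abspath" comes from the advisory, while the function names, hook name, nonce name and allowlist are assumptions.

```php
<?php
// Added example, not the plugin's own code. "tt-abspath" is from the advisory;
// function names, the hook and nonce names and the allowlist are assumptions.

// --- Unsafe pattern (hypothetical reconstruction, shown only for contrast) --
// A standalone script that bootstraps WordPress lets the request say where the
// install root is, so the caller picks the file that require_once loads
// (and, with allow_url_include enabled, a remote URL).
function tt_bootstrap_unsafe(): void {
    $root = $_POST['tt-abspath'];            // request-controlled
    require_once $root . 'wp-load.php';      // local / remote file inclusion
}

// --- Hardened form: no path from the request at all -----------------------
// Route the call through admin-ajax.php. WordPress is then already loaded,
// ABSPATH is defined by core, and the handler can verify a nonce and the
// caller's capability before doing anything.
add_action('wp_ajax_tt_savetag', 'tt_savetag_handler');

function tt_savetag_handler(): void {
    check_ajax_referer('tt_savetag_nonce', 'nonce');   // CSRF protection
    if (!current_user_can('edit_theme_options')) {
        wp_send_json_error('forbidden', 403);
    }
    // Any include is built from the core constant and a fixed file name.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $tag = sanitize_text_field(wp_unslash($_POST['tag'] ?? ''));
    update_option('tt_saved_tag', $tag);
    wp_send_json_success(['tag' => $tag]);
}

// --- Defence in depth for code that really must accept a directory -------
// Resolve the value and accept it only if it is exactly one of a fixed set of
// directories; stream wrappers, NUL bytes and traversal all fail the check.
function tt_validated_dir(string $candidate, array $allowed): ?string {
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $candidate)
        || strpos($candidate, "\0") !== false) {
        return null;                          // URL / wrapper or NUL byte
    }
    $real = realpath($candidate);
    if ($real === false) {
        return null;                          // does not exist
    }
    foreach ($allowed as $dir) {
        if ($real === realpath($dir)) {
            return $real . DIRECTORY_SEPARATOR;
        }
    }
    return null;                              // outside the allowlist
}
```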


Source: Secunia
24.01.2012