This Spellchecker plugin's "general.php" parameter is prone to remote file include and local file include vulnerabilities because of application's failure to sufficiently clean up user-supplied input. These issues allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process. Other attacks are also possible.
Update the plugin.
Found a vulnerability that puts your sites at risk?