
Explore Vulnerabilities

Explore all Exploits:

WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

The WordPress Canto plugin before 3.0.5 is vulnerable to Remote File Inclusion (RFI) through the 'wp_abspath' parameter, allowing unauthenticated attackers to execute arbitrary remote code on the server if allow_url_include is enabled. The issue arises from improper handling of the 'wp_abspath' variable in the plugin's 'download.php' code.

WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

The Canto plugin for WordPress versions up to 3.0.4 is vulnerable to Remote File Inclusion (RFI) via the 'wp_abspath' parameter. This allows unauthenticated attackers to execute arbitrary remote code on the server if allow_url_include is enabled.

Recent Exploits: