Index: /controller/wpsg_SystemController.class.php
===================================================================
--- /controller/wpsg_SystemController.class.php	(revision 7026)
+++ /controller/wpsg_SystemController.class.php	(revision 7027)
@@ -629,5 +629,5 @@
 
             // Ich lasse nur Dateien unterhalb von wp-content zu aus SicherheitsgrÃŒnden
-            if (strpos(sanitize_file_name(realpath($render_file)), sanitize_file_name(WPSG_PATH_CONTENT)) !== 0) {
+            if (strpos(sanitize_file_name(realpath($render_file)), sanitize_file_name(WPSG_PATH_CONTENT)) !== 0 || !preg_match('/\.phtml$/i', $render_file)) {
                  
                 throw new \Exception(__('Zugriffsfehler!', 'wpsg'));