← back
CVE-2016-20082

WordPress Plugin Abtest Local File Inclusion via abtest_admin.php

CVSS 6.9 MEDIUMEPSS 0.3%CWE-98
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
abtest · Abtest
public PoCs found1
cve_referencewww.exploit-db.com/exploits/39577unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/wp-plugins/abtesthttps://www.exploit-db.com/exploits/39577https://www.vulncheck.com/advisories/wordpress-plugin-abtest-local-file-inclusion-via-abtest-admin-php