CVE Catalog

CVE-2016-20082

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile — higher than 24% of all known CVEs

Summary

The WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.

Risk Assessment

This vulnerability could lead to the execution of malicious code on the server, posing a serious threat to data security and system integrity. Attackers may gain access to sensitive information or take control of the system.

Recommendation

It is recommended to update the Abtest plugin to the latest version that fixes this vulnerability. Additionally, it is advisable to restrict access to administrative files and monitor server logs for unauthorized access attempts.

Original NVD description (English source)

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS