CVE-2016-20082
MediumCVSS 6.2Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
The WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
Risk Assessment
This vulnerability could lead to the execution of malicious code on the server, posing a serious threat to data security and system integrity. Attackers may gain access to sensitive information or take control of the system.
Recommendation
It is recommended to update the Abtest plugin to the latest version that fixes this vulnerability. Additionally, it is advisable to restrict access to administrative files and monitor server logs for unauthorized access attempts.
Original NVD description (English source)
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.

