WordPress Plugin Vulnerabilities

ABtest - File Inclusion

Description

The abtest WordPress plugin was affected by a File Inclusion security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
abtest
No known fix

References

Exploitdb
39577
URL
https://github.com/wp-plugins/abtest/blob/master/abtest_admin.php

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
41957ee5-072f-4a4b-81e7-9fe772d91fc3

Timeline

Publicly Published
2016-03-21 (about 10 years ago)
Added
2016-03-23 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-07-25
Title
Kallyas < 4.22.0 - Authenticated (Contributor+) Arbitrary Folder Deletion
Published
2026-03-20
Title
Scape - Multipurpose WordPress theme < 1.5.16 - Unauthenticated Arbitrary File Deletion
Published
2026-05-04
Title
Forminator < 1.52.2 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]' Parameter
Published
2015-07-14
Title
Subscribe to Comments < 2.3 - Authenticated Local File Inclusion
Published
2024-03-28
Title
SellKit < 1.8.3 - Authenticated (Subscriber+) Arbitrary File Download