Vendor: Wordpress Plugin Abtest
By: CrashBandicot
CVSS: 6.1 (MEDIUM)
Local File Inclusion
CWE: 22
Product Name: Wordpress Plugin Abtest
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Chrome
2016
WordPress Plugin Abtest – Local File Inclusion
The WordPress plugin Abtest is vulnerable to Local File Inclusion. An attacker can include local files on the server by manipulating the 'action' parameter in the 'abtest_admin.php' file. This can lead to unauthorized access to sensitive files and potential remote code execution.
Mitigation:
The plugin vendor should sanitize user input and validate the 'action' parameter to prevent any malicious file inclusion. Users are advised to update to the latest version of the plugin to mitigate this vulnerability.
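
One way to implement the validation described above, as an added example that is not the plugin's own code: the 'action' value is used only as a key into a fixed allow-list, and the resolved path is confirmed to stay inside the intended directory. The action names, file names, function name and demo directory are assumptions.

```php
<?php
// Added example with hypothetical names throughout; not the plugin's real code.

// Allow-list mapping accepted 'action' values to fixed file names (assumed names).
const ABTEST_ACTIONS = [
    'list'   => 'list.php',
    'edit'   => 'edit.php',
    'report' => 'report.php',
];

/**
 * Resolve a request-supplied action to a file inside $baseDir, or null.
 * The request value is only ever used as an array key, never as a path.
 */
function abtest_resolve_action($action, string $baseDir): ?string
{
    // Reject arrays (?action[]=x) and anything outside a strict token format.
    if (!is_string($action) || !preg_match('/\A[a-z_]{1,32}\z/', $action)) {
        return null;
    }
    if (!array_key_exists($action, ABTEST_ACTIONS)) {
        return null;
    }
    // Defence in depth: canonicalise both paths and confirm containment.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ABTEST_ACTIONS[$action]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path; // the caller may now `require $path;`
}

// Constructed demo: build a temporary directory and run sample inputs through.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'abtest_demo_' . getmypid();
@mkdir($dir);
foreach (ABTEST_ACTIONS as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php // view\n");
}
// Constructed inputs: one valid action, then values that must be rejected.
foreach (['list', '../secret', 'edit.php', ['x'], ''] as $input) {
    $resolved = abtest_resolve_action($input, $dir);
    printf("%-14s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES), $resolved ?? 'rejected');
}
```

Only `list` resolves to a path; every other constructed input is rejected before any file system lookup uses request data.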