WordPress Plugin Abtest contains a local file inclusion...
Moderate severity
Unreviewed
Published
Jun 15, 2026
to the GitHub Advisory Database
•
Updated Jun 15, 2026
Description
Published by the National Vulnerability Database
Jun 15, 2026
Published to the GitHub Advisory Database
Jun 15, 2026
Last updated
Jun 15, 2026
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
References