CVE-2016-20080 WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wpabspath parameter. Attackers can supply path traversal sequences or remote URLs through the...