CVE-2016-20078
6.2 MEDIUMWordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary...
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 6.2 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-98
Description
WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-49954 — Discuz (7.2 HIGH)
- CVE-2016-20082 — WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by... (6.2 MEDIUM)
- CVE-2016-20080 — WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenti... (6.2 MEDIUM)
- CVE-2016-20079 — WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to includ... (6.2 MEDIUM)
- CVE-2016-20077 — WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary... (6.2 MEDIUM)