PatchSiren cyber security CVE debrief
CVE-2016-20079 jamie CVE debrief
CVE-2016-20079 is a local file inclusion vulnerability in WordPress Dharma Booking 2.28.3 and earlier. This vulnerability allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter in proccess.php. Attackers can supply file paths with directory traversal sequences or null byte injection to read sensitive files like configuration and system files.
- Vendor
- jamie
- Product
- Dharma Booking
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WordPress Dharma Booking 2.28.3 and earlier should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 6.9 and a severity of MEDIUM. It can be exploited locally with low attack complexity and no privileges required.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to a patched version of WordPress Dharma Booking if available.
- Restrict access to the proccess.php file.
- Monitor for suspicious activity.
Evidence notes
The CVE record was published on 2026-06-15T14:16:31.370Z and has not been modified since then. The vulnerability is tracked under CWE-98.
Official resources
CVE-2016-20079 was published on 2026-06-15T14:16:31.370Z.