MEDIUM
Brandfolder
CVE published 2026-06-15
CVE-2016-20080
CVE-2016-20080 is a local file inclusion vulnerability in the WordPress Brandfolder plugin version 3.0 and earlier. The vulnerability allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter in callback.php. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code.