AMAR^SHG

3 exploits Active since Jun 2026
CVE-2016-20080 EXPLOITDB MEDIUM text WRITEUP
WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code.
CVSS 6.2
CVE-2016-20079 EXPLOITDB MEDIUM text WORKING POC
WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.
CVSS 6.2
EIP-2026-113822 EXPLOITDB text WORKING POC
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure