CVE-2016-20080

MEDIUM

WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20080. PoCs published by AMAR^SHG.

AI-analyzed exploit summary: The exploit details a Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerability in the WordPress brandfolder plugin (version <=3.0). The vulnerability arises from unsanitized user input in the 'wp_abspath' parameter, allowing attackers to include arbitrary local or remote files.

Description

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code.
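A detection sketch for the behaviour described above, added here as an example and not taken from the advisory or the plugin: it scans web access logs for requests to callback.php that carry a wp_abspath value and labels each one. It assumes combined log format and that the parameter arrives in the query string (a value sent in a request body is not visible in access logs); the plugin path in the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined log format), not real traffic.
# The plugin directory in the paths is an assumed install location.
P = "/wp-content/plugins/brandfolder/callback.php"
SAMPLE_LOG = [
    f'203.0.113.5 - - [15/Jun/2026:10:00:01 +0000] "GET {P}?wp_abspath=..%2F..%2F..%2F HTTP/1.1" 200 512',
    f'203.0.113.9 - - [15/Jun/2026:10:00:07 +0000] "GET {P}?wp_abspath=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 0',
    f'198.51.100.2 - - [15/Jun/2026:10:01:30 +0000] "GET {P}?wp_abspath=%252e%252e%252f%252e%252e%252f HTTP/1.1" 500 0',
    f'198.51.100.7 - - [15/Jun/2026:10:02:00 +0000] "GET {P} HTTP/1.1" 200 31',
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def normalise(value):
    """Undo repeated percent-encoding (bounded) and unify separators."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/").lower()

def classify(value):
    """Label a wp_abspath value; any request-supplied value deserves review."""
    v = normalise(value)
    if "://" in v or v.startswith("data:"):
        return "url-or-wrapper"
    if ".." in v.split("/"):
        return "path-traversal"
    return "externally-supplied-path"

def scan(lines):
    """Return (client_ip, status, label) for wp_abspath hits on callback.php."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path).lower()
        if not path.endswith("/callback.php") or "brandfolder" not in path:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("wp_abspath", []):
            findings.append((ip, int(status), classify(value)))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The third sample line is double percent-encoded, which is why values are decoded repeatedly before the traversal check.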

Exploits (1)

exploitdb WRITEUP
by AMAR^SHG · text · webapps · php
https://www.exploit-db.com/exploits/39591


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress brandfolder plugin <=3.0
No auth needed
Prerequisites: WordPress installation with brandfolder plugin <=3.0
devstral-2 · analyzed Jun 15, 2026

References (4)

Core References (4)
Exploit: ExploitDB-39591
https://www.exploit-db.com/exploits/39591
Product: Official Product Homepage
https://brandfolder.com
Product: Product Reference
https://wordpress.org/plugins/brandfolder/
Third Party Advisory: VulnCheck Advisory: WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php
https://www.vulncheck.com/advisories/wordpress-brandfolder-plugin-local-file-inclusion-via-callback-php

Scores

CVSS v3 6.2
EPSS 0.0039
EPSS Percentile 30.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-98
Status published
Products (1)
Brandfolder/Brandfolder < 3.0
Published Jun 15, 2026
Tracked Since Jun 15, 2026