CVE-2016-20064

MEDIUM NVD

CVSS Score 6.2

Severity MEDIUM

Published Jun 09, 2026

Vendor unknown

Description

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.

References

http://lenonleite.com.br/
https://wordpress.org/plugins/wp-vault/
https://www.exploit-db.com/exploits/40850
https://www.vulncheck.com/advisories/wp-vault-local-file-inclusion-via-wpv-image-parameter