CVE-2016-20064NVD

Vulnerability Summary

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.

Severity Level

MEDIUM(6.2)

Published Date

Jun 9, 2026

Last Modified

Jun 9, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.02%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://www.exploit-db.com/exploits/40850
https://wordpress.org/plugins/wp-vault/
http://lenonleite.com.br/
https://www.vulncheck.com/advisories/wp-vault-local-file-inclusion-via-wpv-image-parameter

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2016-20064NVD

Vulnerability Summary

External References