Description
WordPress Plugin A/B Test is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin A/B Test version 1.0.6 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified, or disable the plugin until a fix is available.
References
http://packetstormsecurity.com/files/117353/WordPress-Abtest-Directory-Traversal.html
https://www.exploit-db.com/exploits/39577/
https://packetstormsecurity.com/files/136309/WordPress-Abtest-Local-File-Inclusion.html