Launchpad.net

CVE 2016-10977

The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal.

See the CVE page on Mitre.org for more details.