# Exploit Author:Th3 R0cksT3r
# Exploit Title: WordPress File Disclosure Vulnerability
# Date: 20.04.2014
# Email: th3rockst3r@gmail.com
# Category: Webapps.
# Vendor Homepage: https://wordpress.org/
# Google Dork: inurl:/wp-content/plugins/ intext:Index of site:uk
# Vulnerablity Status: Vendor has been informed.
#Vulnerability Description:
Wordpress CMS is vulnerable to file disclosure vulnerability.An attacker can browse all the files on a website.
Source codes can also be found.Sensitive infos can be leaked.The government website's information can also be leaked.
# Demo websites of this vulnerability:
1. http://www.citXyofsalemnj.gov/wp-content/plugins/LayerSlider/
2. http://blogs.fXco.Xgov.uk/wp-content/plugins/mappress-google-maps-for-wordpress/
3. http://wwwX.bccl.gov.in/wp-content/plugins/wp-facebox-gallery/
4. http://bigzoo.cXo.uk/wp-content/plugins/LayerSlider/
5. http://blogs.ameXrica.gov/wp-content/plugins/kk-star-ratings/
5. http://www.pakXp.gov.pk/2013/wp-content/plugins/revslider/
6. http://gioXiamia.co.il/wp-content/plugins/revslider/
7. http://shmulXikim.co.il/wp-content/plugins/revslider/
8. http://www.coXnergy.us/wp-content/plugins/revslider/
9. http://industrialworld.com.pk/wp-content/plugins/global-flash-galleries/img/