WordPress File Disclosure Vulnerability

2014.04.21
Credit: Th3 R0cksT3r
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Author: Th3 R0cksT3r
# Exploit Title: WordPress File Disclosure Vulnerability
# Date: 20.04.2014
# Email: th3rockst3r@gmail.com
# Category: Webapps.
# Vendor Homepage: https://wordpress.org/
# Google Dork: inurl:/wp-content/plugins/ intext:Index of site:uk
# Vulnerability Status: Vendor has been informed.
# Vulnerability Description: The WordPress CMS is vulnerable to a file disclosure vulnerability. An attacker can browse all the files on a website. Source code can also be found. Sensitive information can be leaked. Information from government websites can also be leaked.
# Demo websites of this vulnerability:
1. http://www.citXyofsalemnj.gov/wp-content/plugins/LayerSlider/
2. http://blogs.fXco.Xgov.uk/wp-content/plugins/mappress-google-maps-for-wordpress/
3. http://wwwX.bccl.gov.in/wp-content/plugins/wp-facebox-gallery/
4. http://bigzoo.cXo.uk/wp-content/plugins/LayerSlider/
5. http://blogs.ameXrica.gov/wp-content/plugins/kk-star-ratings/
5. http://www.pakXp.gov.pk/2013/wp-content/plugins/revslider/
6. http://gioXiamia.co.il/wp-content/plugins/revslider/
7. http://shmulXikim.co.il/wp-content/plugins/revslider/
8. http://www.coXnergy.us/wp-content/plugins/revslider/
9. http://industrialworld.com.pk/wp-content/plugins/global-flash-galleries/img/
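The `Index of` string in the dork above is what a web server's automatic directory listing prints, so a site owner can check their own install for plugin directories that would be listed. The following is an added example, not part of the original advisory: it walks a local `wp-content` tree and reports directories that have no index file and no Apache `Options -Indexes` at or above them. The index file names, the reliance on `.htaccess`, and the sample plugin names are assumptions; server-level configuration is not inspected.

```python
import os
import re
import tempfile

INDEX_FILES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex names
# Apache directive that switches auto-indexing off for a directory and its children.
NO_INDEXES = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)


def htaccess_disables_listing(directory):
    """True if this directory's .htaccess contains 'Options ... -Indexes'."""
    path = os.path.join(directory, ".htaccess")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except OSError:
        return False


def listable_dirs(root):
    """Relative paths under root that an auto-indexing server would list:
    no index file in the directory and no -Indexes at or above it."""
    root = os.path.abspath(root)
    covered, findings = set(), []
    for current, dirs, files in os.walk(root):  # top-down: parents come first
        dirs.sort()
        if os.path.dirname(current) in covered or htaccess_disables_listing(current):
            covered.add(current)
        elif not INDEX_FILES & {name.lower() for name in files}:
            findings.append(os.path.relpath(current, root).replace(os.sep, "/"))
    return findings


def build_sample_tree(base):
    """Constructed wp-content layout; the plugin names are made up."""
    layout = {
        "index.php": "<?php // Silence is golden.",
        "plugins/index.php": "<?php // Silence is golden.",
        "plugins/example-slider/slider.php": "<?php",
        "plugins/example-slider/img/logo.png": "",
        "plugins/example-gallery/.htaccess": "Options -Indexes\n",
        "plugins/example-gallery/img/thumb.png": "",
        "uploads/report.pdf": "",
    }
    root = os.path.join(base, "wp-content")
    for rel, text in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root
```

Each reported directory needs either an empty index file or an `Options -Indexes` rule; on servers that ignore `.htaccess`, the equivalent setting has to be made in the server configuration.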


Copyright 2024, cxsecurity.com

 
