[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] | [+] Exploit Title: Wordpress Better-wp-security Plugin Remote Code Execution | [+] Exploit Author: Milad Hacking | [+] Vendor Homepage : https://wordpress.org/plugins/better-wp-security/ | [+] Download Link : https://downloads.wordpress.org/plugin/better-wp-security.4.6.12.zip | [+] Tested on: Kali , lceweasel | [+] Date : 2015-04-04 | [+] Version : 4.6.12 | [+] Google Dork : inurl:wp-content/plugins/better-wp-security | [+] Discovered By : Milad Hacking |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Location : http://site.com/wp-content/plugins/better-wp-security/better-wp-security.php | [+] Vulnerability is also triggered in: http://site.com/wp-content/plugins/better-wp-security/core/class-itsec-core.php | [+] Vulnerable Code : Line 723 | [+] Screenshot : http://fullsecurity.org/acc/wp-content/uploads/Screenshot-from-2015-04-03-012110-e1427980993309.png public function admin_tooltip_ajax() { global $itsec_globals; if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), 'itsec_tooltip_nonce' ) ) { die (); } if ( sanitize_text_field( $_POST['module'] ) == 'close' ) { $data = $itsec_globals['data']; $data['tooltips_dismissed'] = true; update_site_option( 'itsec_data', $data ); } else { call_user_func_array( $this->tooltip_modules[ sanitize_text_field( $_POST['module'] ) ]['callback'], array() ); } die(); // this is required to return a proper result } [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]