WordPress Level Four Storefront third party plugin version 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
2793e0426823c0d4d1943351bb6e17f5cc58a108b2a54e19c3b5dff67efbd20e
######################################################
# Exploit Title: wordpress plugin v3 level four storefront SQL injection Vulnerability
#
# Exploit Author: Ashiyane Digital Security Team
#
# Home : www.Ashiyane.org
#
# Vendor Homepage: www.clubhousenairn.co.uk
#
# Software Link: www.levelfourstorefront.com
#
# version:3
#
# Tested on: Windows 7
#
# Dork: inurl:"/wp-content/plugins/levelfourstorefront" & intext:Warning: mysql_query()
#
=================================
#Location:site//wp-content/plugins/levelfourstorefront/getsortmanufacturers.php?id=[SQL]
#
#
#DEm0:http://www.550arts.com/wp-content/plugins/levelfourstorefront/getsortmanufacturers.php?id=1
#
#Vulnerable code : in getsortmanufacturers.php
#####################################
======================================
* Greetz to: My Lord Allah
* Sp Tnx To:
Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in,B4b4K KH4TaR,sil3nt and all
Ashiyane Security [ Researcher Team AND Deface Team ]
* The Last One : My Self, tr0janman
*******
##########################