Lucene search
Apple502jWPVDB-ID:6DC5558F-D1F4-4BA3-B6F3-8C4E15D9738EHistoryNov 03, 2021 - 12:00 a.m.
Cost Calculator <= 1.4 - Contributor+ Local File Inclusion
2021-11-0300:00:00
apple502j
wpscan.com
7
The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post’s Layout
PoC
As a contributor, create a Cost Calculator post, set the Layout to /…/…/…/…/…/…/…/…/…/…/file (assuming the file to include is at C:\xampp\file.php and WordPress is installed at C:\xampp\htdocs\wordpress). Save as draft, then embde the calculator using the related shortcode (e.g [nd_cost_calculator id=“806”]) and preview the post to trigger the LFI.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nd-projects | eq | * |
Related
patchstack
patchstack
wpexploit
wpexploit
Cost Calculator <= 1.8 - Authenticated Local File Inclusion
2022-02-01 00:00:00
Cost Calculator <= 1.4 - Contributor+ Local File Inclusion
2021-11-03 00:00:00
cnvd
cnvd
WordPress Cost Calculator plugin path traversal vulnerability
2022-03-02 00:00:00
prion
prion
Path traversal
2022-02-28 09:15:00
wpvulndb
wpvulndb
Cost Calculator <= 1.8 - Authenticated Local File Inclusion
2022-02-01 00:00:00
cve
cve
CVE-2021-24820
2022-02-28 09:15:00
Related for WPVDB-ID:6DC5558F-D1F4-4BA3-B6F3-8C4E15D9738E