Lucene search
Apple502jWPVDB-ID:47652B24-A6F0-4BBC-834E-496B88523FE7HistoryFeb 01, 2022 - 12:00 a.m.
Cost Calculator <= 1.8 - Authenticated Local File Inclusion
2022-02-0100:00:00
apple502j
wpscan.com
9
cost calculator
authenticated users
path traversal
local file inclusion
windows web servers
admin+
EPSS
0.001
Percentile
40.2%
The plugin allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.8) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post’s Layout
PoC
As a contributor, create a Cost Calculator post, set the Layout to /…/…/…/…/…/…/…/…/…/…/file (assuming the file to include is at C:\xampp\file.php and WordPress is installed at C:\xampp\htdocs\wordpress). Save as draft, then embde the calculator using the related shortcode (e.g [nd_cost_calculator id=“806”]) and preview the post to trigger the LFI.
Related
patchstack
patchstack
wpexploit
wpexploit
Cost Calculator <= 1.4 - Contributor+ Local File Inclusion
2021-11-03 00:00:00
Cost Calculator <= 1.8 - Authenticated Local File Inclusion
2022-02-01 00:00:00
cnvd
cnvd
WordPress Cost Calculator plugin path traversal vulnerability
2022-03-02 00:00:00
cvelist
cvelist
CVE-2021-24820 Cost Calculator <= 1.6 - Authenticated Local File Inclusion
2022-02-28 09:06:10
prion
prion
Path traversal
2022-02-28 09:15:00
nvd
nvd
CVE-2021-24820
2022-02-28 09:15:07
wpvulndb
wpvulndb
Cost Calculator <= 1.4 - Contributor+ Local File Inclusion
2021-11-03 00:00:00
cve
cve
CVE-2021-24820
2022-02-28 09:15:07