.. / CVE-2018-20985

Exploit for WordPress Payeezy Pay <=2.97 - Local File Inclusion (CVE-2018-20985)

Description:

WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.

Nuclei Template

View the template here CVE-2018-20985.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-20985.yaml

References:

https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://wordpress.org/plugins/wp-payeezy-pay/#developers
https://nvd.nist.gov/vuln/detail/CVE-2018-20985

.. / CVE-2018-20985 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Payeezy Pay <=2.97 - Local File Inclusion (CVE-2018-20985)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-20985