CVE-2018-20985
Published 2019-08-22
CVE-2018-20985: The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.
Priority: P261, critical, 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.61% (93.8th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| payeezy | wp_payeezy_pay | < 2.98 | 2.98 |
Detection & IOCs (extracted from sources)
- A POST request to donate.php with the body parameter x_login containing a directory traversal sequence (../../../wp-config) indicates an active LFI exploitation attempt against the wp-payeezy-pay plugin.
- Successful exploitation returns HTTP 200 with the wp-config.php content in the response body; look for the strings "The base configuration for WordPress", "define( 'DB_NAME',", and "define( 'DB_PASSWORD'," simultaneously.
- The LFI vulnerability also affects the pay.php, donate-rec, and pay-rec files within the same plugin directory; monitor POST requests to all four endpoints for traversal payloads.
- The LFI is triggered via the x_login POST parameter; the traversal depth (../../../) targets wp-config.php relative to the plugin directory and depends on the actual WordPress installation path.
- Versions 2.97 and prior are vulnerable; version 2.98 is the first patched release. Detections should scope to plugin version checks where possible.
CVSS provenance
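| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |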
No detection rules found.
Nuclei
WordPress Payeezy Pay <=2.97 - Local File Inclusion
nuclei · CVSS 9.8
WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
Template:
```yaml
id: CVE-2018-20985
info:
  name: WordPress Payeezy Pay <=2.97 - Local File Inclusion
  author: daffainfo
  severity: critical
  description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. W
```