CVE-2014-4942

NUCLEI

EasyCart <2.0.6 - Info Disclosure

Title source: llm

Description

The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.

Nuclei Templates (1)

WordPress EasyCart <2.0.6 - Information Disclosure

MEDIUMby DhiyaneshDk

References (2)

[Exploit] http://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure/

[Patch] https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=829290%40wp-easycart&old=827627%40wp-easycart&sfp_email=&sfph_mail=

Scores

EPSS 0.0150

EPSS Percentile 81.2%

Details

CWE

CWE-200

Status published

Products (5)

levelfourdevelopment/wp-easycart 2.0.1

levelfourdevelopment/wp-easycart 2.0.2

levelfourdevelopment/wp-easycart 2.0.3

levelfourdevelopment/wp-easycart 2.0.4

levelfourdevelopment/wp-easycart < 2.0.5

Published Jul 11, 2014

Tracked Since Feb 18, 2026