CVE-2014-4942
NUCLEIwp-easycart < 2.0.6 - Unauthenticated Sensitive Information Exposure via phpinfo.php
Title source: llmExploitation Summary
CVE-2014-4942 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
Nuclei Templates (1)
WordPress EasyCart <2.0.6 - Information Disclosure
MEDIUMby DhiyaneshDk
References (2)
Core 2
Core References
Patch x_refsource_confirm
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=829290%40wp-easycart&old=827627%40wp-easycart&sfp_email=&sfph_mail=
Exploit x_refsource_misc
http://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure/
Scores
EPSS
0.0251
EPSS Percentile
85.7%
Details
CWE
CWE-200
Status
published
Products (5)
levelfourdevelopment/wp-easycart
2.0.1
levelfourdevelopment/wp-easycart
2.0.2
levelfourdevelopment/wp-easycart
2.0.3
levelfourdevelopment/wp-easycart
2.0.4
levelfourdevelopment/wp-easycart
< 2.0.5
Published
Jul 11, 2014
Tracked Since
Feb 18, 2026