# Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion # Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ # Date: 26-03-2022 # Exploit Author: Hassan Khan Yusufzai - Splint3r7 # Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ # Version: 1.7.4 # Tested on: Firefox # Vulnerable File: video-synchro-pdf/reglages/Menu_Plugins/tout.php # Vulnerable Code: ``` [LFI] Contents of index.php: