By kannthu
The "Woocommerce - PDF Invoice Exposure" module is designed to detect a vulnerability in the Woocommerce plugin for WordPress. This vulnerability allows remote unauthenticated attackers to access company invoices and other sensitive information. The severity of this vulnerability is classified as medium.
This module was authored by mohammedsaneem and sec_hawk.
If exploited, this vulnerability could lead to unauthorized access to sensitive company invoices and potentially other confidential information. This can result in data breaches, financial loss, and reputational damage for affected organizations.
The "Woocommerce - PDF Invoice Exposure" module works by sending HTTP requests to the target website and analyzing the responses. It specifically targets the "/wp-content/uploads/pdf-invoices/" path.
The module uses two matching conditions to identify the vulnerability:
- The first condition checks if the response body contains the following words: "Index of /wp-content/uploads/pdf-invoices", "Parent Directory", and ".pdf".
- The second condition checks if the response status code is 200.

If both conditions are met, the module reports a vulnerability, indicating that the target website is exposing PDF invoices and potentially other sensitive information.
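
The two matching conditions above, re-implemented as an added example (not the module's own code) and run over constructed responses to show which server replies they do and do not flag. The function and sample names are hypothetical, and case-sensitive substring matching is an assumption.

```python
# Added example: evaluates the module's two matching conditions offline.
# Assumption: words are matched as case-sensitive substrings of the body.
REQUIRED_WORDS = (
    "Index of /wp-content/uploads/pdf-invoices",
    "Parent Directory",
    ".pdf",
)

def evaluate(status, body):
    """Return (matched, failed) where failed lists every unmet condition."""
    failed = [f"missing word: {w!r}" for w in REQUIRED_WORDS if w not in body]
    if status != 200:
        failed.append(f"status {status} != 200")
    return (not failed, failed)

# Constructed sample responses; none are captured from a real site.
SAMPLES = {
    # Apache-style listing that contains at least one PDF.
    "apache_listing": (200,
        "<title>Index of /wp-content/uploads/pdf-invoices</title>"
        '<a href="/wp-content/uploads/">Parent Directory</a>'
        '<a href="invoice-0001.pdf">invoice-0001.pdf</a>'),
    # nginx-style listing: links to "../" and never prints "Parent Directory".
    "nginx_listing": (200,
        "<title>Index of /wp-content/uploads/pdf-invoices/</title>"
        '<a href="../">../</a>'
        '<a href="invoice-0001.pdf">invoice-0001.pdf</a>'),
    # Listing is enabled but the directory holds no PDF files.
    "empty_listing": (200,
        "<title>Index of /wp-content/uploads/pdf-invoices</title>"
        '<a href="/wp-content/uploads/">Parent Directory</a>'),
    # Listing disabled: the server refuses the directory request.
    "forbidden": (403, "<h1>403 Forbidden</h1>"),
    # Theme answers unknown paths with a 200 "not found" page.
    "soft_404": (200, "<h1>Page not found</h1>"),
}

def run_samples():
    """Map each sample name to whether both conditions matched."""
    return {name: evaluate(s, b)[0] for name, (s, b) in SAMPLES.items()}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        matched, failed = evaluate(status, body)
        print(f"{name:15} matched={matched} {'; '.join(failed)}")
```

Only the Apache-style sample is reported. The nginx-style sample fails solely on the "Parent Directory" word, so a listing rendered without that string goes unflagged by these conditions even though the PDFs are reachable.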