Woocommerce - PDF Invoice Exposure

What is "Woocommerce - PDF Invoice Exposure?"

The "Woocommerce - PDF Invoice Exposure" module is designed to detect a vulnerability in the Woocommerce plugin for WordPress. This vulnerability allows remote unauthenticated attackers to access company invoices and other sensitive information. The severity of this vulnerability is classified as medium.

This module was authored by mohammedsaneem and sec_hawk.

Impact

If exploited, this vulnerability could lead to unauthorized access to sensitive company invoices and potentially other confidential information. This can result in data breaches, financial loss, and reputational damage for affected organizations.

How the module works?

The "Woocommerce - PDF Invoice Exposure" module works by sending HTTP requests to the target website and analyzing the responses. It specifically targets the "/wp-content/uploads/pdf-invoices/" path.

The module uses two matching conditions to identify the vulnerability:

- The first condition checks if the response body contains the following words: "Index of /wp-content/uploads/pdf-invoices", "Parent Directory", and ".pdf". - The second condition checks if the response status code is 200.

If both conditions are met, the module reports a vulnerability, indicating that the target website is exposing PDF invoices and potentially other sensitive information.