WordPress Aspose Words Exporter <2.0 - Local File Inclusion

What is the "WordPress Aspose Words Exporter <2.0 - Local File Inclusion?"

The "WordPress Aspose Words Exporter <2.0 - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Aspose Words Exporter plugin. This vulnerability allows an attacker to perform a local file inclusion attack, potentially leading to unauthorized access to sensitive files.

The severity of this vulnerability is classified as high, with a CVSS score of 7.5. It is important to address this vulnerability promptly to prevent potential exploitation.

This module was authored by 0x_Akoko.

Impact

If successfully exploited, the local file inclusion vulnerability in the WordPress Aspose Words Exporter plugin can allow an attacker to access sensitive files on the server. This can include configuration files containing database credentials, potentially leading to further compromise of the WordPress installation.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php

The module then applies the following matching conditions:

- The response body must contain the words "DB_NAME" and "DB_PASSWORD". - The response status code must be 200.

If both conditions are met, the module reports a vulnerability.

It is important to note that this module is part of a larger scanning process and is used to detect specific vulnerabilities or misconfigurations in WordPress installations.

For more information about this vulnerability, you can refer to the following references:

- https://wpscan.com/vulnerability/7869 - https://wordpre