Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download?"

The "WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download" module is designed to detect a vulnerability in the WordPress plugin Cherry version 1.2.7 and below. This vulnerability allows an attacker to upload files directly to the server without authentication. The severity of this vulnerability is classified as high.


If exploited, this vulnerability can lead to unauthorized access to sensitive files on the server. An attacker could potentially upload malicious files or backdoors, compromising the security and integrity of the WordPress website.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:


The module then checks for specific words in the response body, such as "DB_NAME" and "DB_PASSWORD", to confirm the presence of sensitive information. Additionally, it verifies that the HTTP response status is 200.

If both conditions are met, the module reports a vulnerability, indicating that the WordPress Cherry plugin is susceptible to unauthenticated arbitrary file upload and download.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability