
WordPress Duplicator Plugin - Information disclosure

By kannthu

Severity: Medium
Vidoc Module
Tags: #wordpress #wp #wp-plugin #misconfig #disclosure
Description

What is the "WordPress Duplicator Plugin - Information disclosure" module?

The "WordPress Duplicator Plugin - Information disclosure" module is designed to detect unauthenticated information disclosure vulnerabilities in the Duplicator WordPress plugin. This plugin is used for migrating, cloning, and backing up WordPress websites. The severity of this vulnerability is classified as medium.

This module was authored by tess.

Impact

An unauthenticated attacker can exploit this vulnerability to gain access to sensitive files within the Duplicator plugin. This can lead to the exposure of sensitive information, such as database credentials, configuration files, and other sensitive data stored within the plugin's backup directory.

How does the module work?

The module works by sending HTTP requests to specific paths within the WordPress installation. It checks for the presence of certain conditions to determine if the information disclosure vulnerability exists.

For example, the module may send a GET request to the "/wp-content/backups-dup-lite/tmp/" and "/wp-content/backups-dup-lite" paths. It then matches the response against specific conditions, such as the presence of the phrase "Index of /wp-content/backups-dup-lite/" in the response body, the "text/html" content type in the response header, and a 200 status code.

If all the matching conditions are met, the module reports the vulnerability.

The module's JSON definition contains additional metadata, such as the maximum number of requests to be made (in this case, 2) and whether the vulnerability has been verified.
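As an added example (not Vidoc's own code), the module's three ANDed matching conditions re-implemented as a check that a site owner can evaluate against captured responses from their own WordPress install; the HttpResponse class and the sample responses are constructed here, not taken from any real site.

```python
# Added example: re-implements the matching logic of the
# "WordPress Duplicator Plugin - Information disclosure" module so responses
# captured from your own install can be evaluated offline. Hypothetical code,
# not Vidoc's implementation.
from dataclasses import dataclass

# The two paths the module requests (from the description above).
PROBE_PATHS = ("/wp-content/backups-dup-lite/tmp/", "/wp-content/backups-dup-lite")
LISTING_MARKER = "Index of /wp-content/backups-dup-lite/"


@dataclass
class HttpResponse:
    status: int
    headers: dict          # header name -> value
    body: str

    def header(self, name: str) -> str:
        # Header names are case-insensitive (RFC 9110); normalise before comparing.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return ""


def is_listing_exposed(resp: HttpResponse) -> bool:
    """True only when all three module conditions hold (they are ANDed)."""
    word_in_body = LISTING_MARKER in resp.body
    html_content_type = "text/html" in resp.header("Content-Type")
    return word_in_body and html_content_type and resp.status == 200


def exposed_paths(responses: dict) -> list:
    """responses maps probed path -> HttpResponse; returns paths the module would report."""
    return [p for p in PROBE_PATHS if p in responses and is_listing_exposed(responses[p])]


# Constructed sample responses (not captured from any real site).
# An autoindex page with a backup archive listed: this is what the finding looks like.
EXPOSED = HttpResponse(200, {"Content-Type": "text/html;charset=UTF-8"},
                       "<html><head><title>Index of /wp-content/backups-dup-lite/</title></head>"
                       "<body><h1>Index of /wp-content/backups-dup-lite/</h1>"
                       "<a href=\"example_archive.zip\">example_archive.zip</a></body></html>")
# Directory listing disabled (e.g. Apache "Options -Indexes"): the module must stay silent.
FORBIDDEN = HttpResponse(403, {"Content-Type": "text/html"}, "<h1>Forbidden</h1>")
# A soft 404 (HTTP 200 with a themed "not found" page) must not match either.
SOFT_404 = HttpResponse(200, {"Content-Type": "text/html"}, "<h1>Page not found</h1>")


if __name__ == "__main__":
    print(exposed_paths({PROBE_PATHS[0]: EXPOSED, PROBE_PATHS[1]: FORBIDDEN}))
```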

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/backups-...
GET /wp-content/backups-...
Matching conditions
word: Index of /wp-content/backups-dup-lite/ and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability