WordPress Elementor Plugin Directory Listing

What is the "WordPress Elementor Plugin Directory Listing?"

The "WordPress Elementor Plugin Directory Listing" module is designed to detect sensitive directories present in the Elementor WordPress plugin. Elementor is a popular page builder plugin for WordPress that allows users to create and customize websites without coding knowledge. This module focuses on identifying potential misconfigurations or vulnerabilities within the plugin.

This module has an informative severity level, which means it provides valuable information but does not directly indicate a security risk.

Author: dhiyaneshDK

Impact

This module aims to identify sensitive directories within the Elementor WordPress plugin. The presence of sensitive directories can potentially expose sensitive information or provide unauthorized access to certain functionalities. By detecting these directories, website owners can take appropriate measures to secure their websites and protect user data.

How the module works?

The "WordPress Elementor Plugin Directory Listing" module works by sending an HTTP GET request to the "/wp-content/plugins/elementor/" path of the target WordPress website. It then applies matching conditions to determine if the response indicates the presence of sensitive directories.

Matching conditions:

- The response body must contain the words "Index of" and "/wp-content/plugins/elementor/". - The response status code must be 200 (OK).

If both matching conditions are met, the module considers the presence of sensitive directories within the Elementor plugin.

Example HTTP request:

GET /wp-content/plugins/elementor/ HTTP/1.1
Host: example.com

Reference: https://www.exploit-db.com/ghdb/6297

Metadata: max-request: 1