WordPress Elementor Plugin Directory Listing

By kannthu

Informative
Vidoc Module
#listing #plugin #edb #wordpress
Description

What is the "WordPress Elementor Plugin Directory Listing"?

The "WordPress Elementor Plugin Directory Listing" module is designed to detect sensitive directories present in the Elementor WordPress plugin. Elementor is a popular page builder plugin for WordPress that allows users to create and customize websites without coding knowledge. This module focuses on identifying potential misconfigurations or vulnerabilities within the plugin.

This module has an informative severity level, which means it provides valuable information but does not directly indicate a security risk.

Author: dhiyaneshDK

Impact

This module aims to identify sensitive directories within the Elementor WordPress plugin. The presence of sensitive directories can potentially expose sensitive information or provide unauthorized access to certain functionalities. By detecting these directories, website owners can take appropriate measures to secure their websites and protect user data.

How does the module work?

The "WordPress Elementor Plugin Directory Listing" module works by sending an HTTP GET request to the "/wp-content/plugins/elementor/" path of the target WordPress website. It then applies matching conditions to determine if the response indicates the presence of sensitive directories.

Matching conditions:

- The response body must contain the words "Index of" and "/wp-content/plugins/elementor/".
- The response status code must be 200 (OK).

If both matching conditions are met, the module reports the presence of sensitive directories within the Elementor plugin.
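
The two matching conditions above, applied offline to raw HTTP responses so a site owner can see why a given response does or does not match. This is an added example, not Vidoc's or the module author's code; the function names, the case-sensitive word comparison and the sample responses are assumptions made for illustration.

```python
# Added example: the module's two matchers applied offline to constructed responses.
REQUIRED_WORDS = ("Index of", "/wp-content/plugins/elementor/")  # from the page
REQUIRED_STATUS = 200                                            # from the page


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, body_text).

    Assumes an uncompressed, non-chunked body (true for the samples below).
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body.decode("utf-8", errors="replace")


def evaluate(raw: bytes) -> dict:
    """Apply both matchers (logical AND) and report why a response missed."""
    status, body = parse_response(raw)
    missing = [w for w in REQUIRED_WORDS if w not in body]  # case-sensitive (assumption)
    status_ok = status == REQUIRED_STATUS
    return {"status_ok": status_ok, "missing_words": missing,
            "match": status_ok and not missing}


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "listing_enabled": (
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<html><head><title>Index of /wp-content/plugins/elementor/</title></head>"
        b"<body><h1>Index of /wp-content/plugins/elementor/</h1></body></html>"
    ),
    "listing_denied": (
        b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
        b"<h1>Forbidden</h1><p>No access to /wp-content/plugins/elementor/.</p>"
    ),
    "empty_index_file": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```

Only the first sample matches: the 403 response fails the status matcher and lacks "Index of", and the empty 200 response passes the status matcher but contains neither word.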

Example HTTP request:

GET /wp-content/plugins/elementor/ HTTP/1.1
Host: example.com

Reference: https://www.exploit-db.com/ghdb/6297

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: Index of, /wp-content/plugins/elementor/ (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability