WordPress gtranslate Plugin Directory Listing

What is the "WordPress gtranslate Plugin Directory Listing?"

The "WordPress gtranslate Plugin Directory Listing" module is designed to detect sensitive directories present in the gtranslate WordPress plugin. It is a test case used by the Vidoc platform to scan for misconfigurations or vulnerabilities in the plugin.

This module targets the gtranslate WordPress plugin, which is used for translating WordPress websites into multiple languages. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate security risk.

This module was authored by dhiyaneshDK.

Impact

This module does not directly impact the functionality or security of the gtranslate WordPress plugin. Instead, it helps identify potential misconfigurations or vulnerabilities that could be exploited by attackers.

How does the module work?

The "WordPress gtranslate Plugin Directory Listing" module works by sending a GET request to the "/wp-content/plugins/gtranslate/" path of the target WordPress website. It then applies matching conditions to determine if the directory listing is exposed.

The matching conditions used in this module are:

- Check if the response contains the words "Index of" and "/wp-content/plugins/gtranslate/". - Check if the response status code is 200 (indicating a successful request).

If both matching conditions are met, the module reports the presence of a directory listing in the gtranslate WordPress plugin.

Example HTTP request:

GET /wp-content/plugins/gtranslate/ HTTP/1.1
Host: example.com

For more information, you can refer to the exploit-db.com reference.

Metadata: max-request: 1