Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal?"

The "WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal" module is designed to detect a vulnerability in the WordPress Javo Spot Premium Theme. This vulnerability allows unauthenticated users to perform a directory traversal attack, which can lead to unauthorized access to sensitive files.

The severity of this vulnerability is classified as high, as it can potentially expose critical information stored in the WordPress configuration file.

This module was authored by dhiyaneshDk.


If exploited, this vulnerability can allow attackers to read the contents of the WordPress configuration file, which may contain sensitive information such as database credentials.

How the module works?

The module sends an HTTP GET request to the "/wp-admin/admin-ajax.php" endpoint with specific parameters that trigger the directory traversal vulnerability. Here is an example of the request:

GET /wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery

The module then applies matching conditions to the response to determine if the vulnerability is present. The matching conditions include:

- The response body must contain the words "DB_NAME" and "DB_PASSWORD". - The response status code must be 200.

If both conditions are met, the module reports the vulnerability.

For more information about this vulnerability, you can refer to the following references:

- -

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability