By kannthu
The "WordPress Mailchimp 4 Debug Log Exposure" module is designed to detect the exposure of Mailchimp debug logs in WordPress websites. It targets the wp-content/uploads/mc4wp-debug.log endpoint and checks for specific conditions to determine if the log is accessible. This module has a medium severity level and was authored by aashiq.
If the Mailchimp debug log is exposed, it can reveal sensitive information about the website's Mailchimp integration, such as warning messages related to form submissions. The module uses those warning messages, together with the log file's plain-text content type, as the indicators of exposure.
The module sends a GET request to the /wp-content/uploads/mc4wp-debug.log endpoint and applies several matching conditions to determine if the log is accessible. The matching conditions include:
- the HTTP response status is 200;
- the response body contains the string "WARNING: Form";
- the response header includes the content type "text/plain".

If all the matching conditions are met, the module reports a vulnerability indicating the exposure of the Mailchimp debug log.
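The three matching conditions above, re-implemented as an added example so that a site owner can verify the check against their own WordPress install; this is not the Vidoc module's own code. The `Response` wrapper, the `fetch` helper and the sample responses are assumptions constructed here, and the sample log line is made up rather than captured from a real site.

```python
"""Standalone re-implementation of the mc4wp-debug.log exposure check."""
from dataclasses import dataclass
from typing import Mapping
import urllib.error
import urllib.request

LOG_PATH = "/wp-content/uploads/mc4wp-debug.log"


@dataclass
class Response:
    """Minimal HTTP response shape: status, headers, decoded body."""
    status: int
    headers: Mapping[str, str]
    body: str


def matches_exposed_debug_log(resp: Response) -> bool:
    """Return True only when all three module conditions hold."""
    if resp.status != 200:
        return False
    # Header names are case-insensitive and the value may carry a charset
    # parameter, so match "text/plain" as a substring of the lowercased value.
    content_type = next((v for k, v in resp.headers.items()
                         if k.lower() == "content-type"), "")
    if "text/plain" not in content_type.lower():
        return False
    return "WARNING: Form" in resp.body


def fetch(base_url: str, timeout: float = 10.0) -> Response:
    """GET the log path on a site you administer and wrap the result."""
    req = urllib.request.Request(base_url.rstrip("/") + LOG_PATH,
                                 headers={"User-Agent": "mc4wp-log-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            body = r.read(4096).decode("utf-8", "replace")
            return Response(r.status, dict(r.headers.items()), body)
    except urllib.error.HTTPError as e:
        return Response(e.code, dict(e.headers.items()), "")


# Constructed sample responses (not captured from any real site).
EXPOSED = Response(200, {"Content-Type": "text/plain; charset=UTF-8"},
                   'WARNING: Form "Newsletter" > (constructed sample log line)')
# A soft 404: status 200 but an HTML page, so the content-type check rejects it.
SOFT_404 = Response(200, {"Content-Type": "text/html; charset=UTF-8"},
                    "<html><body>WARNING: Form not found</body></html>")
# Access denied by the web server: correct hardening, not a finding.
FORBIDDEN = Response(403, {"Content-Type": "text/plain"}, "WARNING: Form")

if __name__ == "__main__":
    import sys
    resp = fetch(sys.argv[1]) if len(sys.argv) > 1 else EXPOSED
    print("exposed" if matches_exposed_debug_log(resp) else "not exposed")
```

Run with your site's base URL as the only argument; without an argument it evaluates the constructed `EXPOSED` sample.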