
WordPress Mailchimp 4 Debug Log Exposure

By kannthu

Severity: Medium
Vidoc Module
Tags: #logs #wordpress #exposure #mailchimp
Description

What is the "WordPress Mailchimp 4 Debug Log Exposure" module?

The "WordPress Mailchimp 4 Debug Log Exposure" module is designed to detect the exposure of Mailchimp debug logs in WordPress websites. It targets the wp-content/uploads/mc4wp-debug.log endpoint and checks for specific conditions to determine if the log is accessible. This module has a medium severity level and was authored by aashiq.

Impact

If the Mailchimp debug log is exposed, it can reveal sensitive information about the website's Mailchimp integration. This may include warning messages related to form submissions; the log is served as a plain-text file that anyone who knows the path can read.

How does the module work?

The module sends a GET request to the /wp-content/uploads/mc4wp-debug.log endpoint and applies several matching conditions to determine if the log is accessible. The matching conditions include:

- Checking that the HTTP response status is 200
- Verifying that the response body contains the word "WARNING: Form"
- Ensuring that the response headers include the content type "text/plain"

If all the matching conditions are met, the module reports a vulnerability indicating the exposure of the Mailchimp debug log.
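The three matching conditions above, re-implemented as a self-audit check for a WordPress site you administer. This is an added example, not Vidoc's module code; the sample responses are constructed, and the third one shows why the content-type condition matters (an HTML page that happens to contain the marker string is not a match).

```python
"""Self-audit check mirroring the module's AND-combined matching conditions.
Added example (not Vidoc's code). matches() is a pure function so it can be
exercised offline; check_site() wraps it with a real request to your own site."""
from typing import Mapping
import urllib.request
import urllib.error

LOG_PATH = "/wp-content/uploads/mc4wp-debug.log"


def matches(status: int, headers: Mapping[str, str], body: str) -> bool:
    """True only if all three conditions hold: status 200, body contains
    "WARNING: Form", and Content-Type (case-insensitive header) is text/plain."""
    content_type = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            content_type = value
            break
    return (
        status == 200
        and "WARNING: Form" in body
        and "text/plain" in content_type
    )


def check_site(base_url: str, timeout: float = 10.0) -> bool:
    """Fetch the debug-log path on a site you own; True means the log is exposed."""
    url = base_url.rstrip("/") + LOG_PATH
    req = urllib.request.Request(url, headers={"User-Agent": "mc4wp-log-selfcheck"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return matches(resp.status, dict(resp.headers.items()), body)
    except urllib.error.HTTPError as e:
        body = e.read(65536).decode("utf-8", errors="replace")
        return matches(e.code, dict(e.headers.items()), body)
    except (urllib.error.URLError, OSError):
        return False


# Constructed sample responses (not captured from any real site).
EXPOSED = (200, {"Content-Type": "text/plain; charset=UTF-8"},
           "[constructed] WARNING: Form 1 > sample warning line\n")
HTML_404 = (404, {"Content-Type": "text/html"}, "<h1>Not Found</h1>")
SOFT_200 = (200, {"Content-Type": "text/html"}, "<p>WARNING: Form</p>")

if __name__ == "__main__":
    for label, r in (("exposed", EXPOSED), ("404", HTML_404), ("html 200", SOFT_200)):
        print(label, "->", "EXPOSED" if matches(*r) else "not matched")
```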

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /wp-content/uploads/...

Matching conditions
   status: 200 and
   word: WARNING: Form and
   word: text/plain

Passive global matcher
   No matching conditions.

On match action
   Report vulnerability