Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Mailchimp 4 Debug Log Exposure

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Mailchimp 4 Debug Log Exposure" module?

The "WordPress Mailchimp 4 Debug Log Exposure" module is designed to detect the exposure of Mailchimp debug logs in WordPress websites. It targets the wp-content/uploads/mc4wp-debug.log endpoint and checks for specific conditions to determine if the log is accessible. This module has a medium severity level and was authored by aashiq.


If the Mailchimp debug log is exposed, it can potentially reveal sensitive information about the website's Mailchimp integration. This may include warning messages related to form submissions and the content type of the log file.

How does the module work?

The module sends a GET request to the /wp-content/uploads/mc4wp-debug.log endpoint and applies several matching conditions to determine if the log is accessible. The matching conditions include:

- Checking if the HTTP response status is 200 - Verifying if the log contains the word "WARNING: Form" - Ensuring that the response header includes the content type "text/plain"

If all the matching conditions are met, the module reports a vulnerability indicating the exposure of the Mailchimp debug log.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200and
word: WARNING: Formand
word: text/plain
Passive global matcher
No matching conditions.
On match action
Report vulnerability