Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress mTheme-Unus Theme - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is the "WordPress mTheme-Unus Theme - Local File Inclusion?"

The "WordPress mTheme-Unus Theme - Local File Inclusion" module is designed to detect a vulnerability in the mTheme-Unus WordPress theme. This vulnerability allows an attacker to include local files through the "css.php" file. The severity of this vulnerability is classified as high.

This module was authored by dhiyaneshDk.


If exploited, this vulnerability can allow an attacker to access sensitive information stored in the WordPress configuration file, such as database credentials.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:


The module then applies the following matching conditions:

- The response body must contain the words "DB_NAME" and "DB_PASSWORD". - The response status code must be 200.

If both conditions are met, the module reports a vulnerability.

For more information, you can refer to the WPScan vulnerability report.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability