By kannthu
The "Wordpress - Path Disclosure" module is designed to detect a path disclosure vulnerability in WordPress websites. This vulnerability can occur when certain files are directly loaded, leading to the exposure of sensitive information about the server's file system.
WordPress is a popular content management system (CMS) used by millions of websites worldwide. It provides a user-friendly interface for managing website content and offers a wide range of themes and plugins for customization.
The severity of this vulnerability is classified as informative, indicating that it may not directly lead to a security breach but can provide valuable information to potential attackers.
This module was authored by arcc.
A path disclosure vulnerability in WordPress can expose sensitive information about the server's file system, including the directory structure and file paths. This information can be leveraged by attackers to gain a better understanding of the target system's configuration and potentially identify additional vulnerabilities.
While path disclosure vulnerabilities do not directly allow unauthorized access or code execution, they can still pose a risk to the security of a WordPress website. It is important to address such vulnerabilities to prevent potential exploitation.
The "Wordpress - Path Disclosure" module works by sending a specific HTTP request to the target WordPress website and analyzing the response for specific patterns. In this case, the module sends a GET request to the "/wp-includes/rss-functions.php" path.
The module then checks the response body for the presence of the phrase "Call to undefined function _deprecated_file()". If this phrase is found, it indicates the presence of the path disclosure vulnerability in the target WordPress installation.
The matching conditions for this module are:
- Part: Body
Type: Word
Words: [ "Call to undefined function _deprecated_file()" ]
Negative: false
Condition: AND
This means that the module reports a match only if the response body contains the specified phrase exactly as written; no other conditions apply.
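The matcher described above can be evaluated offline against a saved response body. The following is an added example, not the module's or the Vidoc platform's own code. The function names, the lower-cased field names, and both sample bodies (including the `/var/www/html` path and line number) are constructed for illustration, and the word/condition handling generalizes beyond the single phrase the module uses.

```python
import re

# Matcher as listed on the page (field names lower-cased for this example).
MATCHER = {
    "part": "body",
    "type": "word",
    "words": ["Call to undefined function _deprecated_file()"],
    "negative": False,
    "condition": "and",
}

# Constructed sample responses (not captured from a real site).
# PHP prints the failing file's absolute path when display_errors is on.
BODY_ERRORS_SHOWN = (
    "<br />\n<b>Fatal error</b>:  Uncaught Error: Call to undefined function "
    "_deprecated_file() in /var/www/html/wp-includes/rss-functions.php:8\n"
    "Stack trace:\n#0 {main}\n  thrown in "
    "<b>/var/www/html/wp-includes/rss-functions.php</b> on line <b>8</b><br />\n"
)
BODY_ERRORS_HIDDEN = ""  # constructed: same request with display_errors off


def word_match(matcher, response):
    """Evaluate a word matcher: exact, case-sensitive substring search."""
    text = response.get(matcher["part"], "")
    hits = [w in text for w in matcher["words"]]
    combine = all if matcher["condition"].lower() == "and" else any
    result = combine(hits)
    return (not result) if matcher["negative"] else result


def disclosed_paths(body):
    """Return absolute *.php paths leaked in PHP error text, de-duplicated."""
    found = re.findall(r"(/[\w./-]+\.php|[A-Za-z]:\\[\w.\\ -]+\.php)", body)
    return sorted(set(found))


def check(body):
    """Return (matched, leaked_paths) for one response body."""
    matched = word_match(MATCHER, {"body": body})
    return matched, disclosed_paths(body) if matched else []


if __name__ == "__main__":
    for label, body in (("errors shown", BODY_ERRORS_SHOWN),
                        ("errors hidden", BODY_ERRORS_HIDDEN)):
        print(label, check(body))
```

The second sample shows why the finding depends on PHP error display: once errors are no longer written to the response, the phrase is absent and the matcher does not fire.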
It is important to note that this module is just one test case among many that can be performed using the Vidoc platform. Each module focuses on detecting a specific misconfiguration, vulnerability, or software fingerprint.