
WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure

By kannthu

Low
Vidoc Module
#wordpress #log #plugin
Description

What is the "WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure"?

The "WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure" module is designed to detect a specific vulnerability in the AffiliateWP WordPress plugin: the plugin's debug log file (affwp-debug.log, written under the uploads directory) is reachable without authentication, and it may contain sensitive information. The severity of this vulnerability is classified as low.

Impact

If exploited, this vulnerability could potentially expose sensitive information stored in the debug log file. This information may include error messages, referral data, and other details related to the AffiliateWP plugin. Unauthorized access to this information could lead to further attacks or compromise the privacy of users.

How does the module work?

The module works by sending a GET request to the "/wp-content/uploads/affwp-debug.log" path of the target WordPress website. It then applies a set of matching conditions, all of which must hold, to determine whether the vulnerability is present: the response body must contain specific phrases that AffiliateWP writes to its log, such as "Referral could not be retrieved" and "Affiliate CSV"; the response headers must indicate a "text/plain" content type (so that an HTML soft-404 or error page returned with status 200 is not mistaken for the log); and the HTTP status code must be 200.

By analyzing the response based on these conditions, the module can identify if the vulnerability exists on the target website.
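As an added example (not code from the Vidoc module or from the AffiliateWP project), the three matching conditions above reproduced in Python so a site owner can verify their own install does not serve the log. The `Response` type, `matches` and `fetch` helpers are assumptions for this illustration, and the sample responses are constructed:

```python
"""Local re-implementation of the module's matching logic (added example)."""
from dataclasses import dataclass
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

LOG_PATH = "/wp-content/uploads/affwp-debug.log"
# Phrases the module looks for in the log body (from the module description).
REQUIRED_WORDS = ("Referral could not be retrieved", "Affiliate CSV")


@dataclass
class Response:  # hypothetical container for the parts of a response we check
    status: int
    content_type: str
    body: str


def matches(resp: Response) -> bool:
    """Return True only when all three module conditions hold (AND)."""
    words_ok = all(word in resp.body for word in REQUIRED_WORDS)
    # Header check: a 200 HTML soft-404 page must not count as the log.
    type_ok = "text/plain" in resp.content_type.lower()
    status_ok = resp.status == 200
    return words_ok and type_ok and status_ok


def fetch(base_url: str, timeout: float = 10.0):
    """Fetch the log path from your own site; returns None on network error."""
    req = Request(base_url.rstrip("/") + LOG_PATH,
                  headers={"User-Agent": "affwp-log-self-check"})
    try:
        with urlopen(req, timeout=timeout) as r:
            body = r.read(65536).decode("utf-8", "replace")
            return Response(r.status, r.headers.get("Content-Type", ""), body)
    except HTTPError as e:
        return Response(e.code, e.headers.get("Content-Type", ""), "")
    except URLError:
        return None


# Constructed sample responses (not captured from any real site).
EXPOSED_LOG = Response(200, "text/plain; charset=UTF-8",
    "[2024-01-01 00:00:00] Referral could not be retrieved for ID 7\n"
    "[2024-01-01 00:00:01] Affiliate CSV export started\n")
SOFT_404_HTML = Response(200, "text/html; charset=UTF-8",
    "<html><body>Referral could not be retrieved. Affiliate CSV</body></html>")
NOT_FOUND = Response(404, "text/html", "Not Found")
# Caveat: an existing log that has not yet logged either phrase is NOT flagged.
FRESH_EMPTY_LOG = Response(200, "text/plain", "")
```

Running `matches(fetch("https://your-site.example"))` against your own site should return False; a True result means the log is publicly readable and should be blocked at the web server or removed.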

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/uploads/...
Matching conditions
word: Referral could not be retrieved, Affilia... and
word: text/plain and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability