Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure?"

The "WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure module is designed to detect a specific vulnerability in the AffiliateWP WordPress plugin. This vulnerability allows unauthorized access to the debug log file, which may contain sensitive information. The severity of this vulnerability is classified as low.


If exploited, this vulnerability could potentially expose sensitive information stored in the debug log file. This information may include error messages, referral data, and other details related to the AffiliateWP plugin. Unauthorized access to this information could lead to further attacks or compromise the privacy of users.

How the module works?

The module works by sending a GET request to the "/wp-content/uploads/affwp-debug.log" path of the target WordPress website. It then applies a set of matching conditions to determine if the vulnerability is present. The matching conditions include checking for specific words in the log file, such as "Referral could not be retrieved" and "Affiliate CSV", ensuring that the response header is "text/plain", and verifying that the HTTP status code is 200.

By analyzing the response based on these conditions, the module can identify if the vulnerability exists on the target website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Referral could not be retrieved, Affilia...and
word: text/plainand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability