Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Plugin Email Subscribers Listing

By kannthu

Low
Vidoc logoVidoc Module
#wordpress#listing#plugin#edb
Description

What is the "WordPress Plugin Email Subscribers Listing?"

The "WordPress Plugin Email Subscribers Listing" module is designed to detect sensitive directories present in the email-subscribers plugin. It targets WordPress websites that have the email-subscribers plugin installed. The severity of this module is classified as low. The original author of this module is pussycat0x.

Impact

This module helps identify potential misconfigurations or vulnerabilities in the email-subscribers plugin. By detecting sensitive directories, it provides insights into potential security risks that could be exploited by attackers.

How does the module work?

The module works by sending an HTTP GET request to the "/wp-content/plugins/email-subscribers" path. It then applies matching conditions to determine if the response indicates the presence of sensitive directories. The matching conditions include checking for the presence of the phrases "Index of" and "wp-content/plugins/email-subscribers" in the response body, as well as verifying that the HTTP status code is 200.

Here is an example of the HTTP request sent by the module:

GET /wp-content/plugins/email-subscribers

The module matches the response against the following conditions:

- The response body contains both "Index of" and "wp-content/plugins/email-subscribers". - The HTTP status code is 200.

If both conditions are met, the module considers the presence of sensitive directories in the email-subscribers plugin.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/wp-content/plugins/...
Matching conditions
word: Index of, wp-content/plugins/email-subsc...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability