Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Plugin Sfwd-lms Listing

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Plugin Sfwd-lms Listing?"

The "WordPress Plugin Sfwd-lms Listing" module is designed to detect sensitive directories present in the sfwd-lms plugin for WordPress. This module focuses on identifying misconfigurations or vulnerabilities within the plugin. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat. The original author of this module is pussycat0x.


This module aims to identify potential security risks within the sfwd-lms plugin for WordPress. By detecting sensitive directories, it helps administrators and developers understand any potential vulnerabilities or misconfigurations that may exist. This information can then be used to take appropriate actions to secure the plugin and prevent any potential exploitation.

How does the module work?

The "WordPress Plugin Sfwd-lms Listing" module utilizes HTTP request templates and matching conditions to scan for sensitive directories within the sfwd-lms plugin. It sends a GET request to the "/wp-content/plugins/sfwd-lms/" path and applies two matching conditions:

    - The first condition checks if the response contains the words "Index of" and "wp-content/plugins/sfwd-lms". This indicates that the directory listing is accessible. - The second condition verifies that the response status is 200, indicating a successful request.

If both conditions are met, the module considers the directory listing as potentially sensitive and reports it as a finding. This allows administrators and developers to review and address any exposed directories within the sfwd-lms plugin.

Example HTTP request:

GET /wp-content/plugins/sfwd-lms/ HTTP/1.1

It's important to note that this module is purely informative and does not actively exploit any vulnerabilities. Its purpose is to provide valuable insights into the security posture of the sfwd-lms plugin.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Index of, wp-content/plugins/sfwd-lmsand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability