
WordPress Plugin Ultimate Member

By kannthu

Informative
#wordpress #listing #plugin #edb
Description

What is the "WordPress Plugin Ultimate Member" module?

The "WordPress Plugin Ultimate Member" module detects sensitive directories exposed in the Ultimate Member plugin for WordPress. It focuses on identifying potential misconfigurations or vulnerabilities within the plugin.

The severity of this module is classified as informative: a match provides valuable information about the plugin's configuration but does not pose an immediate security risk.

This module was authored by pussycat0x.

Impact

This module provides insight into potential misconfigurations or vulnerabilities within the Ultimate Member plugin. Once sensitive directories are identified, website administrators can take appropriate action to secure their WordPress installations and protect user data.

How does the module work?

The module works by sending HTTP requests to the "/wp-content/plugins/ultimate-member/" path of the target WordPress website. It then applies matching conditions to determine if the response indicates the presence of sensitive directories.

An example of an HTTP request sent by this module:

GET /wp-content/plugins/ultimate-member/ HTTP/1.1

The module uses two matching conditions:

- The first condition checks if the response contains the words "Index of" and "/wp-content/plugins/ultimate-member/". This indicates that the server is displaying an index of the plugin's directories.
- The second condition checks if the response status is 200, indicating a successful request. This confirms that the plugin directory exists and is accessible.

Both conditions must be met for the module to report the presence of sensitive directories within the Ultimate Member plugin.
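
The two matching conditions described above can be evaluated offline against saved responses, for example to confirm that a server no longer matches after directory listing is disabled. This is an added example, not Vidoc's or the module author's code; the function names and sample responses are constructed for illustration, and it assumes the words are searched in the response body.

```python
# Added example: offline evaluation of the module's two matching conditions.
# Every response below is a constructed sample, not captured traffic.
PLUGIN_PATH = "/wp-content/plugins/ultimate-member/"
REQUIRED_WORDS = ("Index of", PLUGIN_PATH)  # word condition: all must appear


def parse_response(raw: str):
    """Split a raw HTTP response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]  # e.g. "HTTP/1.1 200 OK"
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body


def matcher_results(raw: str) -> dict:
    """Evaluate each condition separately so a miss can be explained."""
    status, body = parse_response(raw)
    return {
        # Assumption: the words are looked up in the body only.
        "word": all(w in body for w in REQUIRED_WORDS),
        "status": status == 200,
    }


def listing_exposed(raw: str) -> bool:
    """Both conditions must hold, as the module requires."""
    return all(matcher_results(raw).values())


def resp(status: str, body: str) -> str:
    """Build a minimal raw HTTP response for the samples."""
    return f"HTTP/1.1 {status}\r\nContent-Type: text/html\r\n\r\n{body}"


SAMPLES = {
    # Auto-generated index page: directory listing is enabled.
    "listing": resp("200 OK", f"<h1>Index of {PLUGIN_PATH}</h1>"
                              "<a href='assets/'>assets/</a>"),
    # Listing disabled: the server refuses to enumerate the directory.
    "forbidden": resp("403 Forbidden", "<h1>Forbidden</h1>"),
    # Directory served by an empty index file: 200, but nothing listed.
    "blank_index": resp("200 OK", ""),
    # Error page that echoes the listing words with a non-200 status.
    "echo_404": resp("404 Not Found", f"Index of {PLUGIN_PATH} not found"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {matcher_results(raw)} -> {listing_exposed(raw)}")
```

Only the first sample satisfies both conditions; the last two show why neither the status check nor the word check is sufficient on its own.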

For more information, you can refer to the exploit-db.com reference.

Metadata: max-request: 1

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /wp-content/plugins/...
   Matching conditions: word: Index of, /wp-content/plugins/ultimate-m... and status: 200

Passive global matcher: No matching conditions.

On match action: Report vulnerability