Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WordPress Plugin Ultimate Member" module is designed to detect sensitive directories present in the Ultimate Member plugin for WordPress. This module focuses on identifying potential misconfigurations or vulnerabilities within the plugin.
The severity of this module is classified as informative, meaning it provides valuable information about the plugin's configuration but does not pose an immediate security risk.
This module was authored by pussycat0x.
The impact of this module is to provide insights into potential misconfigurations or vulnerabilities within the Ultimate Member plugin. By identifying sensitive directories, website administrators can take appropriate actions to secure their WordPress installations and protect user data.
The module works by sending HTTP requests to the "/wp-content/plugins/ultimate-member/" path of the target WordPress website. It then applies matching conditions to determine if the response indicates the presence of sensitive directories.
An example of an HTTP request sent by this module:
GET /wp-content/plugins/ultimate-member/ HTTP/1.1
The module uses two matching conditions:
- The first condition checks if the response contains the words "Index of" and "/wp-content/plugins/ultimate-member/". This indicates that the server is displaying an index of the plugin's directories. - The second condition checks if the response status is 200, indicating a successful request. This confirms that the plugin directory exists and is accessible.Both conditions must be met for the module to consider the presence of sensitive directories within the Ultimate Member plugin.
For more information, you can refer to the exploit-db.com reference.
Metadata: max-request: 1