WordPress Themes - Code Injection

By kannthu

Vidoc Module

Author: madrobot

Classification
CWE-ID: CWE-94
CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS-Score: 9.8

Fifteen WordPress themes that use a version of epsilon-framework are susceptible to code injection, due to lack of capability and CSRF nonce checks in AJAX actions.

Reference - -

Metadata
max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: Interactsh Server, protocol_version
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability