WordPress Themes - Code Injection

By kannthu

Critical
Vidoc Module
#wordpress #rce #ssrf #edb #wpscan
Description
Author: madrobot

Classification
CWE-ID: CWE-94
CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS-Score: 9.8

Fifteen WordPress themes that use a version of epsilon-framework are susceptible to code injection, due to a lack of capability and CSRF nonce checks in AJAX actions.

Reference
- https://www.exploit-db.com/exploits/49327
- https://wpscan.com/vulnerability/10417

Metadata
max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: Interactsh Server, protocol_version and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability