Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Themes Haberadam JSON API - IDOR and Path Disclosure

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Themes Haberadam JSON API - IDOR and Path Disclosure?" module?

The "WordPress Themes Haberadam JSON API - IDOR and Path Disclosure" module is designed to detect a misconfiguration vulnerability in WordPress themes that use the Haberadam JSON API. This vulnerability can lead to an Insecure Direct Object Reference (IDOR) and path disclosure, potentially exposing sensitive information.

This module has a low severity level and was authored by pussycat0x.


If the vulnerability is present, an attacker may be able to access restricted resources or obtain sensitive information by manipulating the ID parameter in the API's mobile-info.php endpoint. Additionally, the path disclosure can reveal internal file structure and potentially aid in further attacks.

How does the module work?

The module sends HTTP GET requests to the following paths:


The module then applies the following matching conditions:

- The response body must contain the words "status", "hava", "degree", and "icon". - The response status code must be 200. - The response header must contain the word "text/html".

If all the conditions are met, the module will report a vulnerability.

For more information, refer to the reference.


- Max request: 2 - Google query: inurl:/wp-content/themes/haberadam/

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: "status", "hava", "degree", "icon"and
status: 200and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability