Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)

By kannthu

Vidoc logoVidoc Module

What is the "Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)" module?

The "Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)" module is a test case designed to detect an Unauthenticated Server Side Request Forgery (SSRF) vulnerability in the W3 Total Cache WordPress plugin. This vulnerability allows an attacker to make unauthorized requests on behalf of the server, potentially leading to further exploitation.

The severity of this vulnerability is classified as medium.

This module was authored by random_robbie.


If successfully exploited, this vulnerability could allow an attacker to bypass security measures and gain unauthorized access to sensitive information or perform actions on the server.

How does the module work?

The module sends an HTTP GET request to the "/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css" path of the target WordPress website. It then checks the response body for the presence of the word "NessusFileIncludeTest" using a word matching condition.

If the word is found in the response body, the module considers the vulnerability as detected.

For more information about this vulnerability, you can refer to the following references:

- -

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: NessusFileIncludeTest
Passive global matcher
No matching conditions.
On match action
Report vulnerability