Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress WooCommerce - Directory Search

By kannthu

Vidoc logoVidoc Module

What is the "WordPress WooCommerce - Directory Search?"

The "WordPress WooCommerce - Directory Search" module is designed to detect sensitive directory searches in the WordPress WooCommerce plugin. It targets the WooCommerce plugin, which is a popular e-commerce solution for WordPress websites. The severity of this module is informative, meaning it provides information about potential vulnerabilities or misconfigurations rather than actively exploiting them. The original author of this module is dhiyaneshDK.


This module helps identify if sensitive directories within the WooCommerce plugin are accessible. By detecting these directories, website owners can take necessary actions to secure their online stores and protect sensitive information from unauthorized access.

How the module works?

The "WordPress WooCommerce - Directory Search" module works by sending HTTP requests to the "/wp-content/plugins/woocommerce/" path of the target website. It then applies matching conditions to determine if the directory listing is exposed.

An example of an HTTP request sent by this module:

GET /wp-content/plugins/woocommerce/ HTTP/1.1

The module uses two matching conditions:

- Matcher 1: It checks if the response contains the words "Index of" and "/wp-content/plugins/woocommerce/". This indicates that the directory listing is being displayed. - Matcher 2: It verifies if the HTTP response status is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability or misconfiguration to the user.

For more information, you can refer to the Exploit Database.

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Index of, /wp-content/plugins/woocommerc...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability