Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Wordfence 7.4.5 - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is "WordPress Wordfence 7.4.5 - Local File Inclusion?"

The "WordPress Wordfence 7.4.5 - Local File Inclusion" module is designed to detect a vulnerability in the Wordfence plugin for WordPress. This vulnerability allows an attacker to include local files from the server, potentially leading to unauthorized access or information disclosure. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.


If successfully exploited, the local file inclusion vulnerability in Wordfence 7.4.5 can allow an attacker to access sensitive files on the server. This could include files containing passwords, configuration details, or other sensitive information. The impact of this vulnerability can be significant, as it may lead to further exploitation or compromise of the affected WordPress installation.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:


The module then applies two matching conditions:

- Regex Matcher: The response is checked for the presence of the regex pattern "root:.*:0:0:". If this pattern is found, it indicates that the /etc/passwd file has been successfully included. - Status Matcher: The response status code is checked to ensure it is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability.

For more information, you can refer to the following references:

- -

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: root:.*:0:0:and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability