Wpmudev Dashboard Pub Key

By kannthu

Medium
Vidoc Module
#wordpress #edb
Description

What is the "Wpmudev Dashboard Pub Key" module?

The "Wpmudev Dashboard Pub Key" module is a test case designed to detect misconfigurations in the Wpmudev Dashboard plugin for WordPress. It targets the plugin's key storage directory and checks for the presence of publicly accessible ".pub" files. The module has a medium severity level and was authored by dhiyaneshDk.

Impact

If the module detects the presence of ".pub" files in the key storage directory, it indicates a potential security risk. These files may contain sensitive information that could be exploited by attackers to gain unauthorized access to the Wpmudev Dashboard plugin.

How does the module work?

The module sends a GET request to the "/wp-content/plugins/wpmudev-updates/keys/" path and checks for two matching conditions:

    - The response body contains the phrases "Index of /", ".pub", and "wpmudev".
    - The response status code is 200 (OK).

If both conditions are met, the module reports a vulnerability. The module's JSON definition contains additional metadata, such as the maximum number of requests to be sent (max-request: 1).

Example HTTP request:

GET /wp-content/plugins/wpmudev-updates/keys/ HTTP/1.1
Host: example.com

Note: The above example is a simplified representation of the HTTP request and omits the other headers and details a real request would carry.

By using this module, website owners can identify potential misconfigurations in the Wpmudev Dashboard plugin and take appropriate measures to secure their WordPress installations.
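The two matching conditions described above can be reproduced for auditing a site you administer. The following is an added example, not Vidoc's or the module author's code: the function names and sample responses are constructed for illustration, and plain case-sensitive substring matching is an assumption.

```python
import re
import urllib.error
import urllib.request

KEYS_PATH = "/wp-content/plugins/wpmudev-updates/keys/"   # path from the module
REQUIRED_WORDS = ("Index of /", ".pub", "wpmudev")        # all must appear (AND)


def matches_module(status: int, body: str) -> bool:
    """True only when status is 200 AND every required word is in the body.
    Assumption: plain case-sensitive substring matching."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def listed_pub_files(body: str) -> list[str]:
    """File names ending in .pub that an auto-generated index links to."""
    return sorted(set(re.findall(r'href="([^"/?]+\.pub)"', body)))


def audit_own_site(base_url: str) -> dict:
    """Send the module's single GET to a site you administer and report."""
    url = base_url.rstrip("/") + KEYS_PATH
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 403/404 etc.: listing not served
        status, body = err.code, ""
    exposed = matches_module(status, body)
    return {"url": url, "status": status, "exposed": exposed,
            "files": listed_pub_files(body) if exposed else []}


# Constructed sample responses (not captured from any real site).
SAMPLE_LISTING = (
    "<html><head><title>Index of /wp-content/plugins/wpmudev-updates/keys"
    "</title></head><body><h1>Index of /wp-content/plugins/wpmudev-updates/keys</h1>"
    '<a href="../">Parent Directory</a> <a href="example-key.pub">example-key.pub</a>'
    "</body></html>"
)
SAMPLE_SOFT_404 = "<html><body>Page not found - wpmudev demo site</body></html>"

if __name__ == "__main__":
    print(matches_module(200, SAMPLE_LISTING), listed_pub_files(SAMPLE_LISTING))
    print(matches_module(200, SAMPLE_SOFT_404))   # 200 but not a listing
    print(matches_module(403, SAMPLE_LISTING))    # words present, wrong status
```

Because all three words must appear together with a 200 status, a custom error page that returns 200 or a directory that answers 403 does not count as a finding.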

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: Index of /, .pub, wpmudev (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability