Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Wpmudev Dashboard Pub Key" module is a test case designed to detect misconfigurations in the Wpmudev Dashboard plugin for WordPress. It targets the plugin's key storage directory and checks for the presence of publicly accessible ".pub" files. The module has a medium severity level and was authored by dhiyaneshDk.
If the module detects the presence of ".pub" files in the key storage directory, it indicates a potential security risk. These files may contain sensitive information that could be exploited by attackers to gain unauthorized access to the Wpmudev Dashboard plugin.
The module sends a GET request to the "/wp-content/plugins/wpmudev-updates/keys/" path and checks for two matching conditions:
If both conditions are met, the module reports a vulnerability. The module's JSON definition contains additional metadata, such as the maximum number of requests to be sent (max-request: 1).
Example HTTP request:
GET /wp-content/plugins/wpmudev-updates/keys/ HTTP/1.1
Host: example.com
Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.
By using this module, website owners can identify potential misconfigurations in the Wpmudev Dashboard plugin and take appropriate measures to secure their WordPress installations.