Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Wpmudev Dashboard Pub Key

By kannthu

Vidoc logoVidoc Module

What is the "Wpmudev Dashboard Pub Key?" module?

The "Wpmudev Dashboard Pub Key" module is a test case designed to detect misconfigurations in the Wpmudev Dashboard plugin for WordPress. It targets the plugin's key storage directory and checks for the presence of publicly accessible ".pub" files. The module has a medium severity level and was authored by dhiyaneshDk.


If the module detects the presence of ".pub" files in the key storage directory, it indicates a potential security risk. These files may contain sensitive information that could be exploited by attackers to gain unauthorized access to the Wpmudev Dashboard plugin.

How does the module work?

The module sends a GET request to the "/wp-content/plugins/wpmudev-updates/keys/" path and checks for two matching conditions:

    - The response body contains the phrases "Index of /", ".pub", and "wpmudev". - The response status code is 200 (OK).

If both conditions are met, the module reports a vulnerability. The module's JSON definition contains additional metadata, such as the maximum number of requests to be sent (max-request: 1).

Example HTTP request:

GET /wp-content/plugins/wpmudev-updates/keys/ HTTP/1.1

Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.

By using this module, website owners can identify potential misconfigurations in the Wpmudev Dashboard plugin and take appropriate measures to secure their WordPress installations.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Index of /, .pub, wpmudevand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability