wp-importer-log-disclosure: WordPress Importer - Error Log Disclosure

Date: 2025-12-12 | Affected software: WordPress Importer | PoC: public

Vulnerability description

Detects an exposed WordPress Importer plugin error log file (error_log), which can reveal file paths, error messages, and other sensitive information.

PoC code [public]

id: wp-importer-log-disclosure

info:
  name: WordPress Importer - Error Log Disclosure
  author: 0x_Akoko
  severity: low
  description: |
    Detected WordPress Importer plugin error log file, potentially revealing file paths, errors, and sensitive information.
  reference:
    - https://wordpress.org/plugins/wordpress-importer/
  metadata:
    verified: true
    max-request: 1
  tags: wordpress,wp-plugin,exposure,logs

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wordpress-importer/error_log"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'regex("\\[\\d{2}-[A-Za-z]{3}-\\d{4} \\d{2}:\\d{2}:\\d{2}", body)'
          - 'contains_any(body, "PHP Fatal error:", "PHP Warning:", "PHP Notice:", "PHP Parse error:")'
        condition: and
# digest: 4b0a00483046022100a88f9b57e5194e807cd9e6d6190121cbbe7c0c73994508ff894328364eff8d20022100e305e1bfda27e6a6c6ac9e08c0123485103948f0582fb94bf0f8e6305cf5b43b:922c64590222798bb761d5b6d8e72950
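
An added example, not part of the original template or the plugin: a local audit a site owner can run over their own document root, applying the template's timestamp and PHP-error checks to every error_log under wp-content/plugins (broader than the single plugin path the template requests). The function names, the max_bytes limit and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Same signals as the template's matchers: a PHP log timestamp and a PHP error prefix.
TIMESTAMP = re.compile(r"\[\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}")
PREFIXES = ("PHP Fatal error:", "PHP Warning:", "PHP Notice:", "PHP Parse error:")


def is_php_error_log(text):
    """True only when both content conditions of the template hold."""
    return bool(TIMESTAMP.search(text)) and any(p in text for p in PREFIXES)


def find_exposed_logs(docroot, max_bytes=65536):
    """Return web-relative paths of plugin error_log files that contain PHP errors."""
    plugins = os.path.join(docroot, "wp-content", "plugins")
    hits = []
    for dirpath, _dirs, files in os.walk(plugins):
        if "error_log" not in files:
            continue
        full = os.path.join(dirpath, "error_log")
        # Only the head of the file is needed to recognise the log format.
        with open(full, "r", errors="replace") as fh:
            head = fh.read(max_bytes)
        if is_php_error_log(head):
            hits.append("/" + os.path.relpath(full, docroot).replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        importer = os.path.join(root, "wp-content", "plugins", "wordpress-importer")
        other = os.path.join(root, "wp-content", "plugins", "example-plugin")
        os.makedirs(importer)
        os.makedirs(other)
        with open(os.path.join(importer, "error_log"), "w") as fh:
            # Constructed log line, not taken from a real site.
            fh.write("[12-Dec-2025 10:15:02 UTC] PHP Warning:  sample in /var/www/html/x.php on line 1\n")
        with open(os.path.join(other, "error_log"), "w") as fh:
            fh.write("unrelated text, not a PHP log\n")
        return find_exposed_logs(root)


if __name__ == "__main__":
    print(demo())
```

Any path it reports should be deleted or blocked at the web server, and PHP's error log moved outside the document root.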
