wp-mailchimp-log-exposure: WordPress Mailchimp 4 Debug Log Exposure

漏洞描述

PoC代码[已公开]

id: wp-mailchimp-log-exposure

info:
  name: WordPress Mailchimp 4 Debug Log Exposure
  author: aashiq
  severity: medium
  description: Searches for Mailchimp log exposure by attempting to query the debug log endpoint on wp-content
  metadata:
    max-request: 1
  tags: logs,wordpress,exposure,mailchimp,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/mc4wp-debug.log"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "WARNING: Form"

      - type: word
        words:
          - 'text/plain'
        part: header
# digest: 4a0a00473045022062316f83b8b7b38a89e404a56609984fa5ca18a55b63f28e21ac065a70314f160221008cf4c841ba79a2cee3ab359654a22faca2f7266ddb51d239ada46d6607d38b4d:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2017-14725: WordPress < 4.8.2 - Authenticated Open Redirect
• POC CVE-2017-17092: WordPress < 4.9.1 - Authenticated JavaScript File Upload
• POC wp-security-hidden-login-exposure: WordPress All-in-One Security <=4.4.1 - Hidden Login Page Exposure
• WordPress Kognetiks Chatbot for WordPress <= 2.0.0 任意文件上传漏洞
• WordPress Verbalize WP 存在任意文件上传漏洞（CVE-2024-49668）
• POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
• POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
• WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞（CVE-2025-6440）
• POC CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass
• POC cockroachdb-unauth-exposure: CockroachDB Unauthenticated Console Exposure
• POC CVE-2025-55190: ArgoCD Project API Token Repository Credentials Exposure
• POC CVE-2025-9985: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
• POC churchcrm-installer: ChurchCRM - Setup Exposure