漏洞描述
Detected exposed log files generated by the WP Statistics plugin.
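# Nuclei template: reports a WP Statistics debug log that is readable over HTTP.
# The nesting below was restored from a flattened copy; without it the
# block scalar under `description` and the `http` request list do not parse.
# NOTE(review): the `# digest:` line at the end of the file signs the upstream
# template text. This copy differs from that text (comments, description,
# remediation), so the digest is not expected to verify -- re-sign before
# relying on signature checks.
id: wp-wpstatistics-log

info:
  name: WordPress Plugin WP Statistics Error Log Disclosure
  author: DhiyaneshDk
  severity: medium
  description: |
    Detected exposed log files generated by the WP Statistics plugin. The
    debug log is served from the uploads directory to an unauthenticated GET
    request and contains WordPress database error messages.
  remediation: |
    Deny web access to wp-content/uploads/wp-statistics/ (or to *.log files)
    at the web server, then delete or rotate the exposed debug.log.
  reference:
    - https://wordpress.org/plugins/wp-statistics/
  metadata:
    verified: true
    max-request: 1
  tags: wordpress,wp,wp-plugin,wp-statistics,log,exposure

http:
  # One unauthenticated request for the log at its fixed path under uploads.
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/wp-statistics/debug.log"

    matchers:
      # Both expressions must hold. The body check keeps sites that answer 200
      # for missing files (custom error pages) from being reported.
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "WordPress database error","address")'
        condition: and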
# digest: 490a00463044022043268dea47b4ff729c29fa600ed0c9140e7385e53ee44a08ab2b17c659ff3ed40220236372e44113407861810e192e5a25106504b5851dcdd7f12c09fe2b1bee13ee:922c64590222798bb761d5b6d8e72950