nuclei-templates/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml

22 lines
607 B
YAML

id: easy-wp-smtp-listing
info:
name: SMTP WP Plugin Directory listing enabled
author: PR3R00T
severity: high
description: The WordPress Easy WP SMTP Plugin has its 'easy-wp-smtp' folder remotely acccessible and its content available for access.
reference: https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/
tags: wordpress,wp-plugin
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/"
matchers:
- type: word
words:
- "debug"
- "log"
- "Index of"
condition: and