Merge pull request #14231 from projectdiscovery/Akokonunes-patch-9

Create wp-mailchimp-for-wp-fpd.yaml

Author: pussycat0x

http/vulnerabilities/wordpress/wp-mailchimp-for-wp-fpd.yaml

@@ -0,0 +1,26 @@
+id: wp-mailchimp-for-wp-fpd
+
+info:
+  name: WordPress Mailchimp for WordPress Plugin - Full Path Disclosure
+  author: 0x_Akoko
+  severity: info
+  description: |
+    WordPress plugin MC4WP: Mailchimp for WordPress internal file system path is exposed.
+  reference:
+    - https://wordpress.org/plugins/mailchimp-for-wp/
+  metadata:
+    verified: true
+    max-request: 1
+  tags: debug,wordpress,fpd,vuln,mailchimp,wp-plugin
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mailchimp-for-wp/integrations/bootstrap.php"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200'
+          - 'contains_all(body, "Fatal error", "Call to undefined function", "mailchimp-for-wp/integrations/bootstrap.php")'
+        condition: and