WordPress – Directory Listing

Description

Directory listing allows an attacker to see and travel through folders and files of the system, any sensitive resources should be access-controlled, and should not be accessible by an unauthorized party.

Bussines Impact

An attacker could guess the location of sensitive files using automated tools and access those files, this can lead to data exposure which can cause further damage.

Recommendation

Make sure to block access to this directory and hide the record of the files inside it.

More Details

Directory listing is a type of Web page that lists files and directories that exist on a Web server. Organized to be navigated by clicking directory links, directory listings commonly have a title that describes the current directory, a list of files, and directories that can be clicked.

Reference

https://cwe.mitre.org/data/definitions/548.html