WordPress – Documentation File

Description

During the scan, some possible Documentation Files were detected, and, are probably exposed to others as well. That allows an attacker to view and even and download these files.

An attacker could access this file and use the information it contains to perform reconnaissance actions against the website’s infrastructure by using the sensitive data the website might hold.

Documentation Files might contain sensitive, valid information about the website’s infrastructure.
It can also disclose other sensitive data related to it. Attackers are trying to locate those files in order to perform reconnaissance actions.

Recommendation

To prevent this vulnerability, make sure to restrict access to these files, so that users without permission can’t access them, or, you can remove them completely from the website.

References

https://wordpress.org/support/

< Return to all Vulnerabilities

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Read More »

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »

HTTP VS. HTTPS

You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Read More »

Exposing the GIT

Let’s start with defining the meaning of GIT. GIT – is an open-source system which we use as a tool to store data and information

Read More »