WordPress – Possible sensitive files

Description

Some possibly sensitive files are exposed, which allows an attacker to view and even download them.

Business Impact

An attacker could access these files and use the information to perform reconnaissance against the website infrastructure and/or the sensitive data the website might hold.

Recommendation

To prevent this vulnerability, restrict access to these files for users without permission, or remove them completely from the website.

More Details

wp-content is used to store the assets of a website, such as images, plugins, etc.
Revealing this information (information disclosure) makes an attacker's job easier: they can see which versions of plugins, themes, etc. are installed and hence find attack vectors easily.
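One way to find the files the recommendation refers to is to audit the document root on the server itself. The script below is an added example, not part of the original page; the file-name patterns, the function names and the sample tree are assumptions chosen for illustration, and the `Stable tag:` line is the header WordPress plugin readme files use to state their version.

```python
import fnmatch
import os
import re

# Assumed patterns (not from the original page): names that commonly leak
# configuration, data or version details under a WordPress document root.
SENSITIVE_PATTERNS = {
    "*.sql": "database dump",
    "*.bak": "backup copy",
    "debug.log": "debug log",
    "readme.txt": "readme present",
}
STABLE_TAG = re.compile(r"^\s*Stable tag:\s*(\S+)", re.I | re.M)

def readme_reason(path):
    """Name the version a readme.txt reveals through its 'Stable tag' line."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        match = STABLE_TAG.search(fh.read(8192))
    return f"readme discloses version {match.group(1)}" if match else "readme present"

def audit_docroot(docroot):
    """Return sorted (relative_path, reason) pairs to restrict or remove."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            for pattern, reason in SENSITIVE_PATTERNS.items():
                if fnmatch.fnmatch(name.lower(), pattern):
                    full = os.path.join(dirpath, name)
                    if pattern == "readme.txt":
                        reason = readme_reason(full)
                    rel = os.path.relpath(full, docroot).replace(os.sep, "/")
                    findings.append((rel, reason))
                    break
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample tree (not a real site) for the audit."""
    files = {
        "wp-content/plugins/demo-plugin/readme.txt": "=== Demo ===\nStable tag: 1.2.3\n",
        "wp-content/debug.log": "PHP Notice: constructed sample\n",
        "wp-config.php.bak": "<?php // constructed sample\n",
        "wp-content/uploads/photo.jpg": "",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
```

Call `build_sample_site()` on a temporary directory and pass that directory to `audit_docroot()` to see the findings; on a real server, pass the site's document root and review each reported path for removal or an access restriction.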
