From 8c2025e9f3b2a9369a05db01e306b93ccf052e4e Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Wed, 22 Jun 2022 09:15:30 +0530
Subject: [PATCH] Update and rename wordpress-register-option-enabled.yaml to wp-registration-enabled.yaml
---
.../wordpress-register-option-enabled.yaml | 32 -----------------
misconfiguration/wp-registration-enabled.yaml | 34 +++++++++++++++++++
2 files changed, 34 insertions(+), 32 deletions(-)
delete mode 100644 misconfiguration/wordpress-register-option-enabled.yaml
create mode 100644 misconfiguration/wp-registration-enabled.yaml
diff --git a/misconfiguration/wordpress-register-option-enabled.yaml b/misconfiguration/wordpress-register-option-enabled.yaml
deleted file mode 100644
index 4281345062..0000000000
--- a/misconfiguration/wordpress-register-option-enabled.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-id: wordpress-register-option-enabled
-
-info:
- name: WordPress User Registration Enabled
- author: tess,DhiyaneshDK
- severity: high
- tags: wordpress,wp-plugin,wp
- description: Your WordPress site is currently configured so that anyone can register as a user. If you are not using this functionality, it's recommended to disable user registration as it caused some security issues in the past and is increasing the attack surface.
- remediation: Disable user registration if not needed. To disable user registration, log in as an administrator and go to Settings -> General and uncheck "Anyone can register".
- reference: https://www.acunetix.com/vulnerabilities/web/wordpress-user-registration-enabled/
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/wp-login.php"
-
- matchers-condition: and
-
- matchers:
- - type: word
- words:
- - '?action=register">Register'
- part: body
- - type: word
- words:
- - 'text/html'
- part: header
- - type: status
- status:
- - 200
diff --git a/misconfiguration/wp-registration-enabled.yaml b/misconfiguration/wp-registration-enabled.yaml
new file mode 100644
index 0000000000..f6ba1a0d20
--- /dev/null
+++ b/misconfiguration/wp-registration-enabled.yaml
@@ -0,0 +1,34 @@
+id: wp-registration-enabled
+
+info:
+ name: WordPress User Registration Enabled
+ author: tess,DhiyaneshDK
+ severity: info
+ description: |
+ Your WordPress site is currently configured so that anyone can register as a user. If you are not using this functionality, it's recommended to disable user registration as it caused some security issues in the past and is increasing the attack surface.
+ remediation: |
+ Disable user registration if not needed. To disable user registration, log in as an administrator and go to Settings -> General and uncheck "Anyone can register".
+ reference: https://www.acunetix.com/vulnerabilities/web/wordpress-user-registration-enabled/
+ tags: wordpress,wp,misconfig
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-login.php"
+
+ matchers-condition: and
+
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '?action=register"'
+
+ - type: word
+ part: header
+ words:
+ - 'text/html'
+
+ - type: status
+ status:
+ - 200
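Review bot: The body matcher `'?action=register"'` is not anchored to the login script, so any `wp-login.php` response that happens to contain that substring elsewhere in its markup (theme footers, inline scripts, or an error page that still comes back 200 with `text/html`) may be reported as a misconfiguration; a tighter word such as `'wp-login.php?action=register"'` keeps the same intent with less false-positive risk. The header and status matchers add little discrimination on their own, since they also hold for an ordinary login page with registration disabled, so the body word is carrying the whole finding and deserves the precision. Minor: `description: |` and `remediation: |` keep a trailing newline in the stored text, which `|-` would strip, and `reference:` could be written as a list if the repository's other templates use that form.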