Update and rename wordpress-register-option-enabled.yaml to wp-registration-enabled.yaml

2022-06-22 09:15:30 +05:30 · 2022-06-22 09:15:30 +05:30 · 8c2025e9f3
parent 0b4df9b0ca
commit 8c2025e9f3
2 changed files with 34 additions and 32 deletions
--- a/misconfiguration/wordpress-register-option-enabled.yaml
+++ b/misconfiguration/wordpress-register-option-enabled.yaml
@ -1,32 +0,0 @@
-id: wordpress-register-option-enabled
-
-info:
-  name: WordPress User Registration Enabled
-  author: tess,DhiyaneshDK
-  severity: high
-  tags: wordpress,wp-plugin,wp
-  description: Your WordPress site is currently configured so that anyone can register as a user. If you are not using this functionality, it's recommended to disable user registration as it caused some security issues in the past and is increasing the attack surface.
-  remediation: Disable user registration if not needed. To disable user registration, log in as an administrator and go to Settings -> General and uncheck "Anyone can register".
-  reference: https://www.acunetix.com/vulnerabilities/web/wordpress-user-registration-enabled/
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-login.php"
-
-    matchers-condition: and
-
-    matchers:
-      - type: word
-        words:
-          - '?action=register">Register</a>'
-        part: body
-
-      - type: word
-        words:
-          - 'text/html'
-        part: header
-
-      - type: status
-        status:
-          - 200
--- a/misconfiguration/wp-registration-enabled.yaml
+++ b/misconfiguration/wp-registration-enabled.yaml
@ -0,0 +1,34 @@
+id: wp-registration-enabled
+
+info:
+  name: WordPress User Registration Enabled
+  author: tess,DhiyaneshDK
+  severity: info
+  description: |
+    Your WordPress site is currently configured so that anyone can register as a user. If you are not using this functionality, it's recommended to disable user registration as it caused some security issues in the past and is increasing the attack surface.
+  remediation: |
+    Disable user registration if not needed. To disable user registration, log in as an administrator and go to Settings -> General and uncheck "Anyone can register".
+  reference: https://www.acunetix.com/vulnerabilities/web/wordpress-user-registration-enabled/
+  tags: wordpress,wp,misconfig
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-login.php"
+
+    matchers-condition: and
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '?action=register"'
+
+      - type: word
+        part: header
+        words:
+          - 'text/html'
+
+      - type: status
+        status:
+          - 200