nuclei-templates/vulnerabilities/wordpress/wp-full-path-disclosure.yaml

21 lines
522 B
YAML

id: wp-full-path-disclosure
info:
name: Wordpress Full Path Disclosure
author: arcc
severity: info
reference:
- https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-certain-files
tags: debug,wordpress,fpd
requests:
- method: GET
path:
- "{{BaseURL}}/wp-includes/rss-functions.php"
matchers:
- type: word
words:
- 'Call to undefined function _deprecated_file()'
part: body