WordPress Plugins Sensitive Files Detected

medium Web App Scanning Plugin ID 112715

Synopsis

WordPress Plugins Sensitive Files Detected

Description

WordPress Plugins sensitive files have been detected on the target WordPress installation.

This may present an attacker with sensitive information to mount further attacks, such as keys, credentials, internal host names, database tables & SQL queries, security logs, full path disclosures, filenames, software versions and other sensitive information.

Solution

Restrict access to the data file or locate it outside the public webroot where possible.

Plugin Details

Severity: Medium

ID: 112715

Type: remote

Published: 3/9/2021

Updated: 11/26/2021

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information