WordPress license file disclosure

By kannthu

Informative
Vidoc Module
#wordpress
Description

WordPress license file disclosure

What is the "WordPress license file disclosure"?

The "WordPress license file disclosure" module is designed to detect the presence of the license.txt file in a WordPress installation. This module targets websites running on the WordPress web publishing software. It is an informative module, meaning it provides information rather than detecting a vulnerability or misconfiguration. The module was authored by yashgoti.

Impact

This module does not have a direct impact on the security of the WordPress website. It simply informs the user whether the license.txt file is accessible or not. The presence of the license.txt file does not pose a security risk, but it may provide information about the version of WordPress being used.

How does the module work?

The "WordPress license file disclosure" module sends a GET request to the "/license.txt" path of the target website. It then applies two matching conditions to determine if the license.txt file is present:

    - The response body must contain the phrase "WordPress - Web publishing software".
    - The response status code must be 200 (OK).

If both conditions are met, the module reports a match, indicating that the license.txt file is accessible on the target website.

Example HTTP request:

GET /license.txt

Note: The above example is a simplified representation of the HTTP request sent by the module. The actual request may include additional headers or parameters.
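The two matching conditions described above can be evaluated offline against stored responses. The following is an added example, not Vidoc's own module code: it assumes the word condition is a case-sensitive substring match, and the sample responses are constructed, not captured from any real site.

```python
from dataclasses import dataclass

PHRASE = "WordPress - Web publishing software"  # word condition from the page
EXPECTED_STATUS = 200                            # status condition from the page


@dataclass
class Response:
    status: int
    body: str


def parse_response(raw: bytes) -> Response:
    """Split a raw HTTP/1.x response into its status code and decoded body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return Response(int(parts[1]), body.decode("utf-8", "replace"))


def evaluate(resp: Response) -> dict:
    """Apply both conditions; a match is reported only when both hold (AND)."""
    word = PHRASE in resp.body  # assumption: case-sensitive substring match
    status = resp.status == EXPECTED_STATUS
    return {"word": word, "status": status, "match": word and status}


# Constructed sample responses for GET /license.txt.
SAMPLES = {
    "license served": b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                      b"WordPress - Web publishing software\n\n(rest of file omitted)\n",
    "blocked by server": b"HTTP/1.1 403 Forbidden\r\n\r\nForbidden\n",
    "soft 404 page": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                     b"<html><title>Page not found</title></html>",
    "phrase on error page": b"HTTP/1.1 404 Not Found\r\n\r\n"
                            b"WordPress - Web publishing software",
}


def run_samples() -> dict:
    """Evaluate every constructed sample and return the per-condition results."""
    return {name: evaluate(parse_response(raw)) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:22} {result}")
```

Only the first sample satisfies both conditions. The soft 404 page and the error page that happens to contain the phrase show why the module requires the two conditions together rather than either one alone.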

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /license.txt
Matching conditions
word: WordPress - Web publishing software
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability