WordPress xmlrpc

By kannthu

Informative
#wordpress
Description

What is the "WordPress xmlrpc" module?

The "WordPress xmlrpc" module is a test case designed to detect misconfigurations or vulnerabilities in the WordPress XML-RPC server. It targets websites running on the WordPress platform.

This module has an informative severity level: a match provides useful information but does not by itself indicate an immediate threat.

Author: udit_thakkur

Impact

This module aims to identify potential misconfigurations or vulnerabilities in the WordPress XML-RPC server. If any issues are found, they could expose the website to unauthorized access or other security risks.

How does the module work?

The "WordPress xmlrpc" module works by sending a GET request to the "/xmlrpc.php" path of the target website. It then checks the response for a specific condition: "XML-RPC server accepts POST requests only."

If the condition is met, it indicates that the XML-RPC server is properly configured to only accept POST requests, which is the recommended setting. If the condition is not met, it suggests a potential misconfiguration or vulnerability.

By analyzing the response and matching conditions, this module helps identify any issues related to the XML-RPC server configuration.
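The check described above can be reproduced against a WordPress site you operate with the following added example. It is not Vidoc's module code, and the function names are hypothetical. It performs the same GET to "/xmlrpc.php" and applies the same word match, reading the body even when the server answers with an error status.

```python
"""Added example: reproduce the GET /xmlrpc.php word match for a site you operate."""
import urllib.error
import urllib.request

MATCH_WORD = "XML-RPC server accepts POST requests only."  # string quoted on this page
PATH = "/xmlrpc.php"                                        # path from the module preview
MAX_BODY = 65536                                            # read cap (assumption)


def word_matches(body):
    """Word matcher: true when the page's string occurs in the response body."""
    return MATCH_WORD in body


def fetch(base_url, timeout=5.0):
    """GET <base_url>/xmlrpc.php and return (status, body), also for 4xx/5xx replies."""
    url = base_url.rstrip("/") + PATH
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(MAX_BODY).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # urllib raises on non-2xx statuses (for example 405 to a GET).
        # The matcher looks at the body, not the status, so the error
        # body still has to be read and matched.
        return err.code, err.read(MAX_BODY).decode("utf-8", "replace")


def check(base_url):
    """Return a small record: requested URL, HTTP status, and whether the word matched."""
    status, body = fetch(base_url)
    return {
        "url": base_url.rstrip("/") + PATH,
        "status": status,
        "matched": word_matches(body),
    }


if __name__ == "__main__":
    import sys
    # Usage: python check_xmlrpc.py https://your-own-site.example
    print(check(sys.argv[1]))
```

A result with "matched" set to true is the condition the module preview reports on.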

Module preview

Concurrent Requests (1)
1. HTTP Request template
   GET /xmlrpc.php
   Matching conditions
   word: XML-RPC server accepts POST requests onl...
Passive global matcher
   No matching conditions.
On match action
   Report vulnerability