Description
Due to incorrect configuration, the web application discloses a full path to a file with source code, which generated a response, in the "X-SourceFiles" header.
Remediation
Hide X-SourceFiles header
References
Related Vulnerabilities
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.16)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5835)
WordPress Plugin Log Emails Information Disclosure (1.0.6)
YOURLS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3824)