Description

WordPress root directory contains a file named readme.html. The readme.html file may reveal sensitive information and is not needed from a functional perspective.

Remediation

Delete the /readme.html file from the WordPress root directory.

References

OWASP Wordpress Security Implementation Guideline

Related Vulnerabilities

WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.2.8)

WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)

WordPress Plugin FireStats Arbitrary File Download (1.6.5)

Severity

Info

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure Test Files