Description

WordPress root directory contains a file named readme.html. The readme.html file may reveal sensitive information and is not needed from a functional perspective.

Remediation

Delete the /readme.html file from the WordPress root directory.

References

OWASP Wordpress Security Implementation Guideline

Related Vulnerabilities

WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2)

WordPress 5.8 Multiple Vulnerabilities (5.8)

GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability

WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)

WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)

Severity

Info

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure Test Files