Description
WPEngine is a provider of managed WordPress hosting. WPEngine creates a folder named _wpeprivate that contains the config.json file. This file contains highly sensitive information (such as WPEngine database credentials) and should not be publicly accessible. It was confirmed that it's possible to access this file without authorization.
Remediation
You should restrict access to the _wpeprivate directory by adjusting your web server configuration.
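After changing the web server configuration, it is worth confirming from outside that the file is no longer served. The following is an added example, not part of the original advisory or any WPEngine tooling: it sends one unauthenticated request to a site you administer and classifies the result. The function names, the verdict strings and the `site.example` host are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

# Path taken from the advisory text above.
CONFIG_PATH = "/_wpeprivate/config.json"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""
    def redirect_request(self, *args, **kwargs):
        return None


def http_get(url, timeout=10):
    """Return (status, body) for an anonymous GET; no cookies or auth are sent."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536)
    except urllib.error.HTTPError as err:
        return err.code, b""


def check_wpeprivate(base_url, fetch=http_get):
    """Classify anonymous access to config.json: 'blocked', 'exposed' or 'review'.

    The response body is only test-parsed, never printed or stored.
    """
    status, body = fetch(base_url.rstrip("/") + CONFIG_PATH)
    if status in (401, 403, 404, 410):
        return "blocked"      # the server refuses or hides the file
    if status == 200:
        try:
            parsed = json.loads(body.decode("utf-8", "replace"))
        except ValueError:
            parsed = None     # e.g. a themed "not found" page sent with 200
        return "exposed" if isinstance(parsed, (dict, list)) else "review"
    return "review"           # redirects, 5xx and the like: inspect by hand


if __name__ == "__main__":
    import sys
    # Usage: python check_wpeprivate.py https://site.example
    print(check_wpeprivate(sys.argv[1]))
```

A `review` verdict means the response was neither a clear refusal nor JSON, so the rule should be checked by hand before the finding is closed.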